On Wednesday, November 8, 2017 at 2:30:38 PM UTC-5, Patrick Schleizer wrote:
> How strong should the SRK password strength be? Should it be as strong
> as a password for full disk encryption?
>
> Is it sane to use same password as SRK password as well as for full disk
> encryption?
>
> Cheers,
> Patrick

Think about the attack surface. The evil maid needs to come into your room and has about 2 hours to attack your machine. The disk encryption needs to be much stronger.

You take a flight to a country with some "security needs" and your laptop is shipped 2 days after your landing to your hotel. The $agencies copied your hard disk and modified your BIOS (ME, UEFI) and you shop for a new laptop of the same series, pay cash and migrate your hard disk to the new machine. So the $agencies are sad as they cannot capture your keystrokes, but they can work for years with your hard disk image.

The evil maid does not have so much time; also, she cannot prepare much. So if you have problems, maybe, you can decrease the security of the SRK password, but be sure to have enough entropy in a password.

Cheers.

As all have nothing to hide, we will not need to buy a new laptop on holidays :-)