[qubes-users] Re: Anti Evil Maid (AEM) - SRK password strength? Sane to use same password as for full disk encryption?

2017-11-08 Thread ludwig jaffe
On Wednesday, November 8, 2017 at 2:30:38 PM UTC-5, Patrick Schleizer wrote:
> How strong should the SRK password strength be? Should it be as strong
> as a password for full disk encryption?
> 
> Is it sane to use same password as SRK password as well as for full disk
> encryption?
> 
> Cheers,
> Patrick

Another analog thing: someone can exchange your laptop for a similar model and 
place it in your room, and you type your password into "your" computer, but 
this one captures it and reports it to $agencies.
So paint your laptop with glitter paint and take a photo in a secure 
environment. Faking the random distribution of the particles is impossible, 
so one can just compare the pictures to be sure to have your machine.
Just to be sure, and it looks cool :-)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a256f60d-d27b-4d4d-ba6c-4ef7ccceb35a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Anti Evil Maid (AEM) - SRK password strength? Sane to use same password as for full disk encryption?

2017-11-08 Thread ludwig jaffe
On Wednesday, November 8, 2017 at 2:30:38 PM UTC-5, Patrick Schleizer wrote:
> How strong should the SRK password strength be? Should it be as strong
> as a password for full disk encryption?
> 
> Is it sane to use same password as SRK password as well as for full disk
> encryption?
> 
> Cheers,
> Patrick

Think about the attack surface. The evil maid needs to come into your room and has 
about 2 hours to attack your machine.
The disk encryption needs to be much stronger. You take a flight to a country 
with some "security needs" and your laptop is shipped 2 days after your landing 
to your hotel.
The $agencies copied your hard disk and modified your BIOS (ME, UEFI), and you 
shop for a new laptop of the same series, pay cash and migrate your hard disk to 
the new machine.
So the $agencies are sad as they cannot capture your keystrokes, but they can 
work for years with your hard disk image.
The evil maid does not have so much time; also, she cannot prepare much.
So if you have problems, maybe you can decrease the security of the SRK password,
but be sure to have enough entropy in a password.

Cheers.
As we all have nothing to hide, we will not need to buy a new laptop on holidays 
:-)
