212 points arjvik | 4 comments
acheong08 No.42733994[source]
I don't understand why anyone would use passwordless disk encryption. It just seems inherently vulnerable, especially with the threat model of physical compromise.

Entering a password on boot isn't even that much work.

replies(20): >>42734012 #>>42734073 #>>42734132 #>>42734171 #>>42734304 #>>42734370 #>>42734375 #>>42734397 #>>42734516 #>>42734734 #>>42734841 #>>42734892 #>>42734925 #>>42735445 #>>42736160 #>>42739068 #>>42740673 #>>42741392 #>>42742256 #>>42749423 #
1. udev4096 No.42734516[source]
It's just not practical. How are you going to manually enter the password for, let's say, 10 servers?
replies(1): >>42734848 #
2. johnisgood No.42734848[source]
USB pendrive with random key, no need to enter anything and is more secure and gives you plausible deniability through many different means.
replies(1): >>42735351 #
3. cedilla No.42735351[source]
Going around 10 servers with a USB drive sounds just as tedious, and what happens when you lose the key or the attacker gets it?
replies(1): >>42750140 #
4. johnisgood No.42750140{3}[source]
You generate a new one and replace it. Those what-ifs apply to passwords as well.

It might sound tedious for 10 servers, but passwords are even more so.

For desktop, it is definitely the way.