(oddlama.org)

189 points arjvik | 2 comments | 17 Jan 25 03:00 UTC | HN request time: 0s | source

Show context

acheong08 ◴[17 Jan 25 04:12 UTC] No.42733994[source]▶

I don't understand why anyone would use passwordless disk encryption. It just seems inherently vulnerable, especially with the threat model of physical compromise.

Entering a password on boot isn't even that much work

replies(19): >>42734012 #>>42734073 #>>42734132 #>>42734171 #>>42734304 #>>42734370 #>>42734375 #>>42734397 #>>42734516 #>>42734734 #>>42734841 #>>42734892 #>>42734925 #>>42735445 #>>42736160 #>>42739068 #>>42740673 #>>42741392 #>>42742256 #

udev4096 ◴[17 Jan 25 05:59 UTC] No.42734516[source]▶

>>42733994 #

It's just not practical. How are you going to manually enter the password for let's say 10 servers?

replies(1): >>42734848 #

1. johnisgood ◴[17 Jan 25 07:00 UTC] No.42734848[source]▶

>>42734516 #

USB pendrive with random key, no need to enter anything and is more secure and gives you plausible deniability through many different means.

replies(1): >>42735351 #

2. cedilla ◴[17 Jan 25 08:43 UTC] No.42735351[source]▶

>>42734848 (TP) #

Going around 10 servers with a USB drive sounds just as tedious, and what happens when you lose the key or the attacker gets it?

↑

Bypassing disk encryption on systems with automatic TPM2 unlock