(oddlama.org)

189 points arjvik | 1 comments | 17 Jan 25 03:00 UTC | HN request time: 0s | source

Show context

acheong08 ◴[17 Jan 25 04:12 UTC] No.42733994[source]▶

I don't understand why anyone would use passwordless disk encryption. It just seems inherently vulnerable, especially with the threat model of physical compromise.

Entering a password on boot isn't even that much work

replies(19): >>42734012 #>>42734073 #>>42734132 #>>42734171 #>>42734304 #>>42734370 #>>42734375 #>>42734397 #>>42734516 #>>42734734 #>>42734841 #>>42734892 #>>42734925 #>>42735445 #>>42736160 #>>42739068 #>>42740673 #>>42741392 #>>42742256 #

logifail ◴[17 Jan 25 07:18 UTC] No.42734925[source]▶

>>42733994 #

> I don't understand why anyone would use passwordless disk encryption

You want to install and operate a device at a remote site with restricted (or no) VPN access and where you don't trust the local staff?

replies(1): >>42735194 #

artiscode ◴[17 Jan 25 08:12 UTC] No.42735194[source]▶

>>42734925 #

A remote KVM, i.e TinyPilot will help avoid dealing with lack of trust in local staff. Additionally connection to the KVM can be done over LTE/Cellular if you don't trust the local connection too.

replies(2): >>42735321 #>>42736713 #

1. logifail ◴[17 Jan 25 08:37 UTC] No.42735321{3}[source]▶

>>42735194 #

I set up a server last year which is at a remote site which is completely air-gapped from the Internet, it's allowed to see one local LAN and that's all. For any kind of admin task someone has to drive to site.

There is precisely zero chance that the relevant IT security goons would allow any kind of remote KVM/LTE connection.

↑

Bypassing disk encryption on systems with automatic TPM2 unlock