189 points arjvik | 1 comments
acheong08 No.42733994
I don't understand why anyone would use passwordless disk encryption. It just seems inherently vulnerable, especially with the threat model of physical compromise.

Entering a password on boot isn't even that much work.

logifail No.42734925
> I don't understand why anyone would use passwordless disk encryption

You want to install and operate a device at a remote site with restricted (or no) VPN access and where you don't trust the local staff?

artiscode No.42735194
A remote KVM, i.e. TinyPilot, will help avoid dealing with lack of trust in local staff. Additionally, connection to the KVM can be done over LTE/Cellular if you don't trust the local connection too.
1. nh2 No.42736713
How does this make sense?

Any change the untrusted local staff could make to the server, they could also make to the KVM machine (e.g. turn it into a keylogger).

Now you have the same problem but with a smaller computer.

You cannot turn untrusted systems into trusted systems by adding more untrusted systems.