(oddlama.org)

212 points arjvik | 2 comments | 17 Jan 25 03:00 UTC | HN request time: 0.423s | source

Show context

acheong08 ◴[17 Jan 25 04:12 UTC] No.42733994[source]▶

I don't understand why anyone would use passwordless disk encryption. It just seems inherently vulnerable, especially with the threat model of physical compromise.

Entering a password on boot isn't even that much work

replies(20): >>42734012 #>>42734073 #>>42734132 #>>42734171 #>>42734304 #>>42734370 #>>42734375 #>>42734397 #>>42734516 #>>42734734 #>>42734841 #>>42734892 #>>42734925 #>>42735445 #>>42736160 #>>42739068 #>>42740673 #>>42741392 #>>42742256 #>>42749423 #

1. surajrmal ◴[18 Jan 25 16:25 UTC] No.42749423[source]▶

>>42733994 #

Full disk encryption is just inherently a flawed approach compared to per file encryption. Androids approach of only protecting user data with behind the password and otherwise using a separate encryption key to allow the os to boot to the lock screen and some apps to run (eg alarms) is a more user friendly approach. Unfortunately we don't seem to have that sortve option available to us with desktop OS.

replies(1): >>42751078 #

2. betaby ◴[18 Jan 25 20:15 UTC] No.42751078[source]▶

>>42749423 (TP) #

> Unfortunately we don't seem to have that sortve option available to us with desktop OS.

As I understand MacOS uses per file encryption on AFS.

↑

Bypassing disk encryption on systems with automatic TPM2 unlock