Re: How to protect an encrypted file system for off-line attack?
On 02/22/2009 07:03 PM, Javier wrote:
Now imagine the worst situation, that a friend wants to protect his data
from his corrupt dictatorial government, and he doesn't want to directly
make the question here, because he is afraid.
From your name, we can reasonably narrow it down. I.e., he's
probably not in the PRC...
I think the SD with stored password is a good solution. While he is not
in the house, he can carry the SD
And if he's caught, they find it on him.
or have it hidden somewhere.
That which is hidden can be found.
is in the house, and police enter, he might
He goes thru the hassle of encrypting everything, then relies on
have enough time to probably
destroy the SD and turn off the computer.
Pulling the plug, though, is pretty quick.
What would you recommend in this imaginary case?
For him to use his memory. But even then, rubber hose decryption
can be quite effective.
Annyhow, I'd suggest that sensitive files be stored in an
innocuously-named encfs directory mounted with the --idle= option.
Also, I have seen that encfs support up to 2048 characters for the pass
phrase. Is it better to have a very large random pass, or it is
irrelevant at some point?
If he can remember a long phrase, longer is always better...
Something like the first 5 or six words of a widely-known (but
seemingly irrelevant) document.
And which is better, Blowfish or AES?
Ron Johnson, Jr.
Jefferson LA USA
The feeling of disgust at seeing a human female in a Relationship
with a chimp male is Homininphobia, and you should be ashamed of