[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to protect an encrypted file system for off-line attack?



On 02/22/2009 07:03 PM, Javier wrote:
[snip]
Now imagine the worst situation, that a friend wants to protect his data
from his corrupt dictatorial government, and he doesn't want to directly
make the question here, because he is afraid.

From your name, we can reasonably narrow it down. I.e., he's probably not in the PRC...

I think the SD with stored password is a good solution. While he is not
in the house, he can carry the SD

And if he's caught, they find it on him.

                                  or have it hidden somewhere.

That which is hidden can be found.

                                                               While he
is in the house, and police enter, he might

He goes thru the hassle of encrypting everything, then relies on "might"????

                                             have enough time to probably
destroy the SD and turn off the computer.

Pulling the plug, though, is pretty quick.

What would you recommend in this imaginary case?

For him to use his memory. But even then, rubber hose decryption can be quite effective.

Annyhow, I'd suggest that sensitive files be stored in an innocuously-named encfs directory mounted with the --idle= option.

Also, I have seen that encfs support up to 2048 characters for the pass
phrase. Is it better to have a very large random pass, or it is
irrelevant at some point?

If he can remember a long phrase, longer is always better...

Something like the first 5 or six words of a widely-known (but seemingly irrelevant) document.

And which is better, Blowfish or AES?

AES.

--
Ron Johnson, Jr.
Jefferson LA  USA

The feeling of disgust at seeing a human female in a Relationship
with a chimp male is Homininphobia, and you should be ashamed of
yourself.


Reply to: