Re: How to protect an encrypted file system for off-line attack?

To: debian-user@lists.debian.org
Subject: Re: How to protect an encrypted file system for off-line attack?
From: Javier <javuchi@gmail.com>
Date: Tue, 24 Feb 2009 00:10:54 +0100
Message-id: <[🔎] gnvabj$2in$1@aioe.org>
References: <[🔎] gnp9am$bbh$1@aioe.org> <[🔎] c956da920902221017r4174f314mf305b262a805cc6d@mail.gmail.com> <[🔎] gnssjh$4bt$2@aioe.org> <[🔎] c956da920902222106r35373d83s50d78856c194f098@mail.gmail.com> <[🔎] gnug2l$b02$1@aioe.org> <[🔎] 9543b3a40902231016t5c59b02as11faee5ea1cfb9c4@mail.gmail.com>

Jordi Gutiérrez Hermoso escribió:
> 2009/2/23 Javier <javuchi@gmail.com>:
>> The main point here is: if he is lucky enough, no police would enter
>> into his house.
> 
> Since this has become a tinfoil hat thread more than an encryption thread...
> 
> My own personal solution to the problem has been this: my hard drive
> decryption password is 25 random printable ASCII characters. And I do
> mean random. It's something like >]\gj-eR4cn-nc;I@{gaWA*pO, which I
> have committed to *muscle memory*. That is, if you ask me what my
> password is, I genuinely don't know it, because I have to sit in front
> of a keyboard to type it out, and I often make mistakes. I also rotate
> it once a year. My hope is that this means the password can't be
> obtained from me under duress, because I would be unable to type it
> out without making mistakes if I were under duress.
> 
> My paranoia is vaguely justified, since I live in Mexico and we do
> have an ongoing history of torture in this country, although I'm not
> too sure what the torturers could want from my hard drive except my
> homemade pr0n (that's really the reason I encrypt my laptop's hard
> drive, so that in case of theft my girlfriend and I don't end up in
> RedTube). How do you justify your paranoia, Javier? ;-)
> 
> - Jordi G. H.
> 
> 

I've discovered that the program apg is very nice, it can produce
lengthy but pronounceable pass phrases like these (40 readable chars,
probably equivalent to a 256bit random one):

# apg -m 40
WoitshEfHoQuagAdCurnashiawRaikBatJakEax,
gohoirAsejhukcaroldOafyebgimwacpokAtulv,
JewvudNuitImEbotThitObijedTehosenyebbev?
OjRalavCiHomOn3omesDifNicEfBisyokaddagOo
ubhousWicyerfeaTwephijhuDreapNogJosisIj5
ZykAdbeinAckrahapecdofsEnLojkitfucAxooj*


About my paranoia... not that much. I've never used encryption until
now, I have nothing to hide to police, and am living in Spain, which is
supposed to be a good democratic country. But I have recently adquired a
laptop, and there is sensible data in it, like passwords, private mail
from people with truly despotic goverments, personal photos, and some
private data from the work which might be convenient to protect. I'm
more worried about friends...

Reply to:

Follow-Ups:
- Re: How to protect an encrypted file system for off-line attack?
  - From: Celejar <celejar@gmail.com>

References:
- How to protect an encrypted file system for off-line attack?
  - From: Javier <javuchi@gmail.com>
- Re: How to protect an encrypted file system for off-line attack?
  - From: Jeff Soules <soules@gmail.com>
- Re: How to protect an encrypted file system for off-line attack?
  - From: Javier <javuchi@gmail.com>
- Re: How to protect an encrypted file system for off-line attack?
  - From: Jeff Soules <soules@gmail.com>
- Re: How to protect an encrypted file system for off-line attack?
  - From: Javier <javuchi@gmail.com>
- Re: How to protect an encrypted file system for off-line attack?
  - From: Jordi Gutiérrez Hermoso <jordigh@gmail.com>

Prev by Date: Re: How to protect an encrypted file system for off-line attack?
Next by Date: Re: Bug in Iceweasel: Graphics not displayed
Previous by thread: Re: How to protect an encrypted file system for off-line attack?
Next by thread: Re: How to protect an encrypted file system for off-line attack?
Index(es):
- Date
- Thread