[Nottingham] gpgpwd - keeping a commandline passwords list

James Moore jmthelostpacket at googlemail.com
Wed Jun 20 18:15:14 UTC 2012


On 19/06/2012 10:53, Mike Cardwell wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 19/06/12 10:46, Jason Irwin wrote:
>
>>> https://en.wikipedia.org/wiki/Deniable_encryption They can't
>>> compel you to decrypt something that they can't prove exists.
>> So long as: 1) you have no logs or other evidence on your system
>> pointing to its existence; 2) the existence cannot be inferred from
>> the total size of the file and the size actually decrypted; 3) the
>> deniability itself is secure
>> https://en.wikipedia.org/wiki/Deniable_encryption#Detection; 4)
>> your passphrase is strong enough to make a brute-force
>> impractical; 5) they don't catch you with the hidden volume
>> mounted.
> Yes, that all falls under the caveat that they can't first prove that
> it exists.
>
>> Various rumours/news reports crop up from time-to-time about
>> crypto being cracked.  There are always caveats around how it was
>> done, for example:
>> http://www.theregister.co.uk/2012/02/03/apple_disc_crypto_broken/
> Yes, the firewire DMA attack is well known. That's why I disable
> firewire in the BIOS and prevent the kernel module from loading. It's
> also one of the reasons that I make sure my FDE key stays out of
> system RAM and hides in the CPU debug registers thanks to a helpful
> Linux kernel patch named TRESOR.
>
>> Did you miss Paul's talk on crypto?  It was
>> enlightening/interesting/terrifying/educational.
> I did yes, it was shortly before I subscribed to this list.
>
>
I've not seen a laptop with built-in firewire in years. Last year when I 
bought my current toaster, I asked if there was anything with firewire 
and got a blank stare and "um...". Took that as a "no" and bought a Tosh 
D755. Still after something (anything, read: portable) with firewire 
built in...


