[ILUG] Hard Disk Protection in Live CD Boot Ups
Josh Glover
jmglov at gmail.com
Wed Jan 14 11:24:07 GMT 2009
2009/1/13 Paul O'Malley - gnu's not unix - <ompaul at eircom.net>:
> disk encryption fails when you forget the password - not if
Which is why you might want to consider writing the password down somewhere.
This is not as stupid as it sounds, if done right. I have a file with
all of my passwords, encrypted with GPG, and stored in quite a few
places, including as an attachment to a saved draft on Gmail. Should I
forget the passphrase to my encrypted partitions, I am safe as long as
I can get to that file and download it.
The things that have to go wrong in order for me to lose access to my
encrypted partitions are:
1. Forget the passphrase
2. And one of:
a. Forget my GPG key passphrase (not likely, since I use it multiple
times a day)
b. Lose access to all of the copies of my password file (not likely,
as it exists on several hard drives, Gmail, and S3)
c. No longer trust my GPG key (not likely, since if my key was
compromised, I'd decrypt my password file, revoke my key, change all
my passwords, generate a new key, and encrypt the password file with
the new key)
d. Have no access to a trusted computer on which I can use my GPG key
to decrypt my password file (the most likely case of all, but this one
is transitory)
e. Lose my GPG key (not likely, since it exists, albeit in encrypted
form, on S3, Gmail, and several hard drives)
Note that no less a security expert than Bruce Schneier recommends
writing down your passwords:
http://www.schneier.com/blog/archives/2005/06/password_safe.html
--
Cheers,
Josh
More information about the ILUG
mailing list