Re: [qubes-users] Cryptsetup LUKS Nuke Option

2016-07-29 Thread '190284'30918432'09182'034918'02943
Hello Andrew, imagine you have many files with CID data (customer identified data) and you must protect them after the EU data protection law. Now you must clean all data of the customer x. And this should be secure. A simple trick might be to use encryption. All files get encrypted with a

Re: [qubes-users] Cryptsetup LUKS Nuke Option

2016-07-26 Thread J.M. Porup
On Fri, Jul 22, 2016 at 07:39:40PM -0400, Chris Laprise wrote:
> But there is no need to patch LUKS to accomplish this, and using only passphrases as the trigger mechanism is probably too cumbersome in some situations anyway.
>
> This could be scripted with better results and flexibility for

Re: [qubes-users] Cryptsetup LUKS Nuke Option

2016-07-25 Thread Andrew David Wong
On 2016-07-25 01:27, 0'192348'019438'0194328'0914328'0931 wrote:
> Hello,
>
> perhaps a fast option will be a strongly encrypted disk and the nuke feature to destroy the password

I think you mean wipe the LUKS header.

> or better

Re: [qubes-users] Cryptsetup LUKS Nuke Option

2016-07-25 Thread 0'192348'019438'0194328'0914328'0931
Hello, perhaps a fast option will be a strongly encrypted disk and the nuke feature to destroy the password or better password-expansion (a hash which is longer than the password)... - full disk encryption - double full disk encryption with two independent passwords and independent encryption

Re: [qubes-users] Cryptsetup LUKS Nuke Option

2016-07-22 Thread Andrew David Wong
On 2016-07-22 16:39, Chris Laprise wrote:
> On 07/22/2016 07:03 PM, Andrew David Wong wrote:
>> On 2016-07-22 08:15, TheFactory wrote:
>>> Another good use for this feature is that you can

Re: [qubes-users] Cryptsetup LUKS Nuke Option

2016-07-22 Thread TheFactory
Yes, mirroring it and reading it outside of the hardware would make it easy, as well as having them be able to do it while you still have the machine. But that's why you pair it with TPM. To at least try and force them to use your machine. The recent incident with an older iPhone is one example

Re: [qubes-users] Cryptsetup LUKS Nuke Option

2016-07-22 Thread Andrew David Wong
On 2016-07-22 08:15, TheFactory wrote:
> Another good use for this feature is that you can pre-program in some landmines to destroy the drive and overcome brute force. Since the LUKS password prompt on my install of 3.2 has little to no delay

Re: [qubes-users] Cryptsetup LUKS Nuke Option

2016-07-22 Thread TheFactory
Another good use for this feature is that you can pre-program in some landmines to destroy the drive and overcome brute force. Since the LUKS password prompt on my install of 3.2 has little to no delay between password attempts, one could use a mid-range GPU to try millions of passwords. The

Re: [qubes-users] Cryptsetup LUKS Nuke Option

2016-06-29 Thread Andrew David Wong
On 2016-06-29 07:02, flux wrote:
> I really think this feature would fit in Qubes.
>
> https://www.kali.org/tutorials/emergency-self-destruction-luks-kali/
>
> TL;DR this patch uses one LUKS keyslot to add a password which wipes the LUKS header,

Re: [qubes-users] Cryptsetup LUKS Nuke Option

2016-06-29 Thread Andrew
J.M. Porup:
> On Wed, Jun 29, 2016 at 02:30:34PM -0700, flux wrote:
>> My thoughts were more along the lines of mitigative travel protection crossing borders and such. Like, you can boot to decryption but if the device is seized, no valid decryption can actually be performed. But as you

Re: [qubes-users] Cryptsetup LUKS Nuke Option

2016-06-29 Thread J.M. Porup
On Wed, Jun 29, 2016 at 02:30:34PM -0700, flux wrote:
> My thoughts were more along the lines of mitigative travel protection crossing borders and such. Like, you can boot to decryption but if the device is seized, no valid decryption can actually be performed. But as you say, depending

Re: [qubes-users] Cryptsetup LUKS Nuke Option

2016-06-29 Thread flux
You bring valid points, I was definitely excited to learn about the feature. My thoughts were more along the lines of mitigative travel protection crossing borders and such. Like, you can boot to decryption but if the device is seized, no valid decryption can actually be performed. But as you