

Yes, encryption of the hard drive offers another barrier. But, if it is imperative that you cannot be exploited to give up the decryption mechanism, you should use a method that prevents you from knowing the decryption keys while being able to easily hide or lose the decryption mechanism. One method for this involves using LUKS for encrypting your hard drive and using a random 8k keyfile for the keyphrase. Then, use cryptsetup to GPG encrypt the random 8k keyfile, which will include it in your boot image. You’ll know the passphrase to unlock the GPG encrypted keyfile. But, that passphrase is not what was used to encrypt your hd. Thus, lose/destroy your boot key in worst case scenario, and you won’t be able to provide the decryption key under duress.

The hard reality, as a user that relies on anonymizing software, is that the game is pretty much over if you’ve been located.

Hidden folders for plausible deniability is more theoretical than practical. It assumes you are in a worst case scenario where your adversary is sufficiently restricted by rules that they will obey.

Attacker scenario a: “administer the shocks on this chump. zap you sure about that?”

Attacker scenario b: “we don’t believe you. you’ll sit in confinement until you cooperate.”

Will your plausible deniability succeed in such a scenario? Most likely not. Others have referenced a scenario where “plausible deniability” is good for crossing borders with sensitive data. However, it’s still a risk for the reasons above. A simpler means is storing data that you may need at another location in a properly encrypted and anonymized means at a temporary location on the internet. Cross the border clean and download the problematic data later. “Plausible deniability” no longer required because there is nothing to deny.
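The LUKS keyfile scheme described on this page, sketched as an added example (not the poster's own commands): a random 8 KiB key that exists on disk only in GPG-wrapped form and is piped straight into cryptsetup. The function names, the `GPG_OPTS` variable and all paths are hypothetical, and boot-image integration is left out.

```shell
#!/bin/sh
# Added example: a random 8 KiB LUKS key that exists on disk only in
# GPG-wrapped form. Function names, GPG_OPTS and paths are hypothetical.

# GPG_OPTS: optional extra gpg options (e.g. batch settings for scripts).
# Left empty, gpg prompts for the passphrase interactively.

# Create the wrapped key. $1 = output file (e.g. on the removable boot medium).
# The random bytes go straight into gpg, so no plaintext copy is written.
make_wrapped_key() {
    head -c 8192 /dev/urandom |
        gpg $GPG_OPTS --cipher-algo AES256 --output "$1" --symmetric
}

# Decrypt the wrapped key to stdout only. $1 = wrapped key file.
unwrap_key() {
    gpg $GPG_OPTS --quiet --decrypt "$1"
}

# Format a device with the unwrapped key. $1 = wrapped key, $2 = block device.
# DESTROYS the contents of $2. The first line checks that the key really
# unwraps, so a failed decryption never reaches luksFormat as an empty key.
# --key-file=- makes cryptsetup read the binary key from stdin until EOF.
format_volume() {
    unwrap_key "$1" >/dev/null || return 1
    unwrap_key "$1" | cryptsetup --batch-mode --key-file=- luksFormat "$2"
}

# Unlock the device. $1 = wrapped key, $2 = block device, $3 = mapper name.
open_volume() {
    unwrap_key "$1" | cryptsetup --key-file=- open "$2" "$3"
}
```

Once the wrapped file is gone, the passphrase alone unlocks nothing, because it only ever protected that file. On flash media, overwriting a file in place is not reliable, so destroying the key means destroying the medium.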
