On 10/25/06, Sarad AV <jtrjtrjtr2001@yahoo.com> wrote:
... [link: At U.S. borders, laptops have no right to privacy.]
that's nice. i'm glad i am aware of and utilize something called "full disk encryption". you may have heard of it, and wanted some, but most of it sucks and is far to expensive or cumbersome to use. [1] AES-256 behind two (n?) factor auth and they can take my disks and probe until the (32bit) time_t overflow, enjoy. my mitigation is now a broadband line and a few hours of distraction to "re cache" my new laptop/hdd. [2] that's the beauty of full disk crypto: no worries about physical theft/loss, physical data recovery on platters, trojans compromising your boot sequence or key mgmt tools and rootkit'ing / sniffing your secrets. [3] ah, much better... "beg your pardon, you need my what for the laptop to clear inspection? ... heheh, you're an amusing individual. can i have my laptop back or will you keep it out of spite?" --- 1. is 2007 the year of full disk encryption? we should start an anonymous betting pool backed by pre-paid visa / e-gold accounts tied to fictitious identities... (at least, before they legislate/strong-arm pre-paid phones, credit cards, and other privacy preserving financial/communication services into the ether via the convenient shock-fear-prod's of child pr0n and terrorism) 2. this assumes you also regularly perform full and incremental backups, and verify / test archive / backup integrity prior to finding out you actually don't have another copy of the data that just walked out the door and became pure entropy in this lost context... 3. assuming it is designed, implemented, and usable enough to be secure against these threats without leaving important information perilously vulnerable to exploits or catastrophic failure. this is a hard problem (tm) :)