Somewhat OT, encryption question

Bill Oliver vendor at
Wed Nov 26 20:47:25 UTC 2014

On Wed, 26 Nov 2014, Bill Oliver wrote:

> On Wed, 26 Nov 2014, Bruno Wolff III wrote:
>>  On Wed, Nov 26, 2014 at 17:39:34 +0000,
>>   Bill Oliver <vendor at> wrote:
>> > 
>> >  For the HP issue, the fix is easy -- you just delete the command to 
>> >  check during boot up.  But, I was thinking about this as an encryption 
>> >  option -- where one could encrypt files in a way that automatically 
>> >  incorporates hardware information with the passphrase.  That way, if 
>> >  someone were to intercept a file and knew your passphrase, they would 
>> >  still not be able to decrypt the file unless they did it on one specific 
>> >  machine.
>>  What threats are you trying to counter? The normal putting file systems on
>>  top of a luks container should be good enough for a lot of threats.
> I don't want someone to be able to image my disk and unencrypt it on a
> different machine if they have intercepted my passphrase.

Actually, let me be more specific.  Let's say I have data on a flash
drive that is encrypted using gpg.  We can even say the flash drive
itself is encrypted.

Now let's say that flash drive is stolen, lost, etc. *and* the
passphrase is compromised.  I want the data on the flash drive to be
available *only on one computer* even if the passphrase is known.


More information about the users mailing list