Somewhat OT, encryption question
vendor at billoblog.com
Wed Nov 26 20:47:25 UTC 2014
On Wed, 26 Nov 2014, Bill Oliver wrote:
> On Wed, 26 Nov 2014, Bruno Wolff III wrote:
>> On Wed, Nov 26, 2014 at 17:39:34 +0000,
>> Bill Oliver <vendor at billoblog.com> wrote:
>> > For the HP issue, the fix is easy -- you just delete the command to
>> > check during boot up. But, I was thinking about this as an encryption
>> > option -- where one could encrypt files in a way that automatically
>> > incorporates hardware information with the passphrase. That way, if
>> > someone were to intercept a file and knew your passphrase, they would
>> > still not be able to decrypt the file unless they did it on one specific
>> > machine.
>> What threats are you trying to counter? The normal putting file systems on
>> top of a luks container should be good enough for a lot of threats.
> I don't want someone to be able to image my disk and unencrypt it on a
> different machine if they have intercepted my passphrase.
Actually, let me be more specific. Let's say I have data on a flash
drive that is encrypted using gpg. We can even say the flash drive
itself is encrypted.
Now let's say that flash drive is stolen, lost, etc. *and* the
passphrase is compromised. I want the data on the flash drive to be
available *only on one computer* even if the passphrase is known.
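
Added example, not part of the original message: one way to sketch the idea discussed in this thread, mixing a machine identifier into passphrase-based key derivation so that the same passphrase derives a different key on any other machine. It assumes the identifier comes from /etc/machine-id and uses scrypt from Python's standard library; the function names are hypothetical, and the binding only holds while the identifier itself stays out of the attacker's hands.

```python
import hashlib
import hmac
import os

def machine_id(path="/etc/machine-id"):
    """Read the host identifier (assumed source; any stable per-machine value works).
    Note: this file is readable on disk, so an image of the system disk includes it."""
    with open(path, "rb") as f:
        return f.read().strip()

def derive_key(passphrase: bytes, host_id: bytes, salt: bytes) -> bytes:
    # Bind the host identifier into the scrypt salt: the passphrase alone,
    # without host_id, derives a different and useless key.
    bound_salt = hashlib.sha256(b"host-binding\x00" + salt + host_id).digest()
    return hashlib.scrypt(passphrase, salt=bound_salt, n=2**14, r=8, p=1, dklen=32)

def make_header(passphrase: bytes, host_id: bytes):
    """Create a per-file header: random salt plus a key-check tag.
    The returned key would feed an authenticated cipher (not shown here)."""
    salt = os.urandom(16)
    key = derive_key(passphrase, host_id, salt)
    tag = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return key, {"salt": salt, "tag": tag}

def unlock(passphrase: bytes, host_id: bytes, header: dict):
    """Return the file key, or None if the passphrase or the machine is wrong."""
    key = derive_key(passphrase, host_id, header["salt"])
    tag = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(tag, header["tag"]) else None

if __name__ == "__main__":
    # Constructed sample identifiers, not real machine IDs.
    home = b"3f1c9a7e5b2d4c68a0e1f2d3c4b5a697"
    other = b"00000000000000000000000000000000"
    key, hdr = make_header(b"correct horse", home)
    print(unlock(b"correct horse", home, hdr) == key)   # same machine
    print(unlock(b"correct horse", other, hdr))         # known passphrase, other machine
```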