Comment by jtriangle
2 years ago
If the feds have you device, they have everything, regardless of how hard you try to lock it down. Not worth even considering how to keep them out because you're simply not going to.
Also consider that, a sufficiently motivated private threat actor is likely going to break a pin, there's not enough entropy there, or they'll hit you with a $10 harbor freight pipe wrench until you tell them the pin.
For everything else, bitlocker, LUKS, or equivalent is more than sufficient and battle tested for those uses. Yes there are ways of breaking both, conditional on XYZ, etc, but, they're good enough. It does force you to multiboot, but that's good practice anyway, no reason someone using your computer should be using your root partition in 2024.
Ugh. I shouldn't have even mentioned the feds. This isn't threat actor level stuff. The thing that bothers me is that if I let a non-technical user onto my computer to do something like write an essay for school, they might stumble upon some messages that should have been private. There's zero protection. That's why I called adding a pin the thinnest possible level of security.