Comment by estimator7292
1 day ago
My Linux drives are all encrypted, and one of the wonderful features of this is that there is no entity or force on this planet that can decrypt them.
What happens if I forget my keys? Same thing that happens if my computer gets struck by a meteor. New drive, new key, restore contents from backups.
It's simple, secure, set-and-forget, and absolutely nobody but me and your favored deity have any idea what's on my drives. Microsoft and the USGov don't have any business having access to my files, and it's completely theoretically impossible for them to gain access within the next few decades.
Don't use Windows. Use a secure operating system. Windows is not security for you, it's security for a hostile authoritarian government.
It's a good start, but FDE alone is still fairly easy to compromise in many cases. If you ever type the password under a camera, it may be leaked. If the device ever leaves your possession and you don't have secure boot, your bootloader can be trivially altered to leak the password. Then there are keyloggers. And cold boot attacks can often be done if your system is running.
And finally-- there are other more "traditional" ways to get people to divulge their keys.
https://xkcd.com/538/
> What happens if I forget my keys? … restore contents from backups.
What happens if you forget your backup keys?
Sticky note in a secure location
Redownload everything from OneDrive and Outlook.com.. shit!! ;D
Yeah, if the drive can be encrypted by an external party that you didn't give permission, I'm not sure how it's really "encryption" other than burning cycles when doing writes.
> there is no entity or force on this planet that can decrypt them.
At this point I think all of the modern, widely used symmetric cryptography that humans have invented will never be broken in practice, even by another more technologically advanced civilization.
On the asymmetric side, it's a different story. It seems like we were in a huge rush to standardize because we really needed to start PQ encrypting data in transit. All the lattice stuff still seems very green to me. I put P(catastrophic attack) at about 10% over the next decade.
Obligatory XKCD https://xkcd.com/538
alternatively, being held in contempt for a decade for refusing to give passwords
the only real defense of privacy these days is to literally not write anything down or store it in any way
You should also have several large random blobs with incriminating filenames on your hard drive. Attackers won't know which one is encrypted and which one is random. If you like, you can have an encrypted blob of decoy data next to your random blobs and your actually incriminating encrypted blob, and if you're duressed, you reveal that one as the real one.
I wish there were more people like you and me.
Privacy is not a crime.
I wish people didn't have to be like us to have privacy.