← Back to context

Comment by michaelt

9 hours ago

> Well, for a consumer notebook or mobile device, the threat model typically envisions a thief grabbing it from a coffeehouse or hotel room.

...in which case having a cloud backup of the full disk encryption key is pointless, because you don't have access to the disk any more.

1 comment

michaelt

Reply
B1FIDO  8 hours ago

> pointless

Full-disk encryption is the opposite of pointless, my dude! The notebook-thief cannot access my data! That is the entire point!

No, I cannot recover the data from an HDD or SSD that I don't possess. But neither can the thief. The thief cannot access the keys in my cloud. Isn't that the point?

If a thief steals a notebook that isn't encrypted at all, then they can go into the storage, even forensically, and extract all my data! Nobody needs a "key" or credentials to do that! That was the status quo for decades in personal computing--and even enterprise computing. I've had "friends" give me "decommissioned" computers that still had data on their HDD from some corporation. And it would've been readable if I had tried.

The thief may have stolen a valuable piece of kit, but now all she has is hardware. Not my data. Not to mention, if your key was in a cloud backup, isn't most of your important data in the cloud, as well? Hopefully the only thing you lost with your device are the OS system files, and your documents are safely synced??