|
| ▲ | BHSPitMonkey 4 days ago | parent | next [-] |
| When it comes to disk encryption, at least in the home, the threat model isn't somebody sitting around in your home finding a way to exfiltrate the currently-unlocked filesystem; It's someone taking the computer or the drive with them and leaving. In your analogy, the key atop the vault vanishes as soon as the vault is moved from its location (loses power). |
| |
| ▲ | anyfoo 4 days ago | parent [-] | | If that was the case (maybe it is, I don’t know), then how does the proposed solution help against power outages, which was asked for? | | |
| ▲ | avianlyric 4 days ago | parent [-] | | That wasn’t what was asked for. The original reason given was to require a password on cold boot, but not require a password when rebooting e.g. for an OS update | | |
| ▲ | anyfoo 3 days ago | parent [-] | | Well, you've asked me to quote in another subthread, I did. Since I don't fully get what you're referring to now, can you please quote? |
|
|
|
|
| ▲ | patrakov 4 days ago | parent | prev | next [-] |
| It makes sense temporarily. You can always move the key to your pocket later if nobody steals it. |
| |
| ▲ | anyfoo 4 days ago | parent [-] | | Oh yeah, I get it. Just pointing out what this is doing, and why you should probably not always do this, for example. |
|
|
| ▲ | derefr 4 days ago | parent | prev [-] |
| I mean, I assume you'd set the unlock-on-reboot flag, and then immediately reboot — at which point the unlock-on-reboot flag gets automatically unset. So, sure, it's a bit like leaving the key on top of the safe... while you have the safe open. Which isn't all that odd. |
| |
| ▲ | anyfoo 4 days ago | parent [-] | | No, the scenario was power outage at an unknown time in the future, not immediate reboot. |
|
