that without full disk encryption or locking down your config, an attacker with physical access to your system can simply edit the boot parameters (adding an "s" for single user (root), or "init=/bin/bash") and boot straight into a root shell.

@syntax I always carry my bootloader with me on a USB flash drive; that way all that's on my drive is a useless encrypted blob.

@blacklight447 Good idea. Personally I don't really need to go to those lengths as my laptop never leaves the house. I have a "travel" netbook which is stripped of any personal info and which I just use on the road for writing, browsing etc.

@syntax An attacker with physical access to your system can unplug the hard disk, and plug it into their computer to get at everything that isn’t encrypted with no access control.

But even if you only use partial disk encryption, and they boot straight into a root shell, then how are they gonna decrypt the encrypted partition? All they can do is sit there running your computer, not accessing the sensitive stuff.

@cy @syntax Then they replace your password input with malicious software that saves the key in plaintext for them, perhaps.

@penny @syntax Haha yeah. Good old hardware keyloggers. Most people don’t have to worry about that though. The bad guys are mostly counting on low effort, secretive strategies, like passively sniffing emails. They can’t afford to break into everyone’s house and bug everyone’s computer. Though…

@cy @syntax @cy @syntax I was thinking I'd just have to barely modify your dm-crypt script though. I think I could even get it to send it to me over the internet with just busybox (nc)

@penny @syntax Yes well, keep track of your computers. Don’t let them fall into the wrong hands. And reinstall everything if they do.

