Re: Pass+keyfile

And now do a scenario where an attacker has the passphrase, but
not root access and not the keyfile. There are not many
possibilities for that to happen and most are unrealistic.

1. I know about the attacker and have destroyed the keyfile before the attacker gets a copy of it. That is the most important thing I can think of when using an encrypted keyfile.
2. I have the keyfile in a safe in a far location (in a bunker in another country, maybe), while me and my mixed (encrypted and unencrypted) data are always with me. Or vice versa.
3. The attacker can attach a hidden camera behind me while I am typing the password (or use a similar approach) and then get a copy of the encrypted data (it is far easier than getting full root access).
4. After encrypting, I give a single copy of the keyfile to another person (he is living in a bunker in another country, of course). I know the passphrase, he owns the keyfile, and we can get to the data only if we meet in person, for example.
...

No. The SD card is a lot _harder_ to destroy than the LUKS header.
The LUKS header is gone after a single overwrite of 2MiB of data.
The SD card needs very careful physical destruction.

I said microSD card. Scissors will definitely destroy the data in a few seconds; you can destroy it even with your teeth, or with a lighter maybe. Destroying the LUKS header, meanwhile, demands a working computer and knowing what you are doing (you might prepare a script for that, though). Even if you have a drill or a hammer, destroying a hard drive with it to an unrecoverable state is harder than destroying an SD or microSD card or even a flash drive.

BTW, why do you say it is hard to destroy an SD card? I always thought even small physical damage to the crystal makes the data on that crystal practically unrecoverable.

P.S. I may have accidentally replied to Arno's email and not to this mailing list; I will be more careful next time.
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt



