Originally posted by sinepgib
View Post
Code:
sudo find /home -xdev -exec stat -c'%b %n' '{}' + | zstd -10 | pv >/dev/null
If there's a known weakness in the disk encryption scheme that everyone uses, and that weakness is sufficient for the state's investigatory purposes, they will use that weakness, and either keep the arsenal of zero-days secret, or put less effort into finding them in the first place. But the blackhats and foreign intelligence services will not sleep. If, instead, known weaknesses are fixed, then state actors have to find new weaknesses, and the Linux ecosystem benefits from a continual trickle of free government-sponsored security research.
If you don't remove the low-hanging fruit from the tree, you won't know if the canopy is rotten.
I'd argue if you're able to talk your way out of that, you probably can do the same with weaker encryption schemes. For something as quick as grabbing you while crossing the border the "attack" would be forcing you to write your password, not comparing metadata to check if you have some leaked data IMO, which is what triggered this discussion. At that point, what matters is data and how to decrypt it. That part is just as hard with fscrypt as it is with dm-crypt, because both require the same from you.
I don't know about you, but the last panel does seem to imply that if your company fires you and blacklists you it's as bad as a State censoring.
The one about standards and 538 are spot on IMO. Covering a different use case is not the same as trying to replace the other 14 standards, and that's where it really matters to create a new solution.
Comment