Protect Your Laptop Data from Everyone, Even Yourself - Bruce Schneier

A Blog Post by Bruce Schneier
Link

http://www.wired.com/politics/security/commentary/securitymatters/2009/07/securitymatters_0715

Don't try this at home if you're not very familiar with whatever encryption product you're using. Failure results in a bricked computer. Don't blame me.


Step One: Before you board your plane, add another key to your whole-disk encryption (it'll probably mean adding another "user") -- and make it random. By "random," I mean really random: Pound the keyboard for a while, like a monkey trying to write Shakespeare. Don't make it memorable. Don't even try to memorize it.


Technically, this key doesn't directly encrypt your hard drive. Instead, it encrypts the key that is used to encrypt your hard drive -- that's how the software allows multiple keys.
So now there are two different users with two different keys: the one you normally use, and some random one you just invented.


Step Two: Send that new random key to someone you trust. Make sure the trusted recipient has it, and make sure it works. You won't be able to recover your hard drive without it.

Step Three: Burn, shred, delete or otherwise destroy all copies of that new random key. Forget it. If it was sufficiently random and non-memorable, this should be easy.


Step Four: Board your plane normally and use your computer for the whole flight.


Step Five: Before you land, delete the key you normally use.
At this point, you will not be able to boot your computer. The only key remaining is the one you forgot in Step Three. There's no need to lie to the customs official; you can even show him a copy of this article if he doesn't believe you.


Step Six: When you're safely through customs, get that random key back from your confidant, boot your computer and re-add the key you normally use to access your hard drive.
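The key-slot mechanism behind these steps, as an added example that is not from the original article or from any encryption product: a toy Python model in which each user key wraps the same master key, run through Steps One to Six. The `Volume` class, the slot names, and the XOR-plus-HMAC wrap (a stand-in for a real key-wrap cipher) are assumptions made for illustration.

```python
import hashlib, hmac, secrets

class Volume:
    """Toy multi-slot volume: every slot wraps the same master key (constructed model)."""
    def __init__(self, name, passphrase):
        self._slots = {}
        self._add(name, passphrase, secrets.token_bytes(32))  # random master key

    @staticmethod
    def _kek(passphrase, salt):
        # Key-encryption key: 32 bytes to wrap the master key, 32 bytes to authenticate.
        return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)

    def _add(self, name, passphrase, master):
        salt = secrets.token_bytes(16)
        k = self._kek(passphrase, salt)
        wrapped = bytes(a ^ b for a, b in zip(master, k[:32]))  # stand-in for AES key wrap
        self._slots[name] = (salt, wrapped, hmac.digest(k[32:], wrapped, "sha256"))

    def unlock(self, passphrase):
        """Return the master key if any slot accepts the passphrase, else None."""
        for salt, wrapped, tag in self._slots.values():
            k = self._kek(passphrase, salt)
            if hmac.compare_digest(tag, hmac.digest(k[32:], wrapped, "sha256")):
                return bytes(a ^ b for a, b in zip(wrapped, k[:32]))
        return None

    def add_slot(self, existing_passphrase, name, new_passphrase):
        master = self.unlock(existing_passphrase)  # an existing key must unwrap first
        if master is None:
            raise PermissionError("existing passphrase rejected")
        self._add(name, new_passphrase, master)

    def remove_slot(self, name):
        if len(self._slots) == 1:  # the "bricked computer" failure mode
            raise RuntimeError("refusing to remove the last slot")
        del self._slots[name]

def border_crossing_demo():
    usual = "my usual passphrase"                 # constructed sample value
    vol = Volume("normal", usual)
    master = vol.unlock(usual)
    random_key = secrets.token_urlsafe(32)        # Step One: really random, not memorable
    vol.add_slot(usual, "random", random_key)
    works = vol.unlock(random_key) == master      # Step Two: confirm the new key works
    vol.remove_slot("normal")                     # Step Five: delete the key you normally use
    locked_out = vol.unlock(usual) is None        # the usual passphrase no longer boots
    vol.add_slot(random_key, "normal", usual)     # Step Six: re-add it using the random key
    return works, locked_out, vol.unlock(usual) == master
```

The disk's master key never changes during the trip; only the wrapped copies of it come and go, which is why deleting a slot is instant and why losing every slot is unrecoverable.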
