Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

IMO that's a big problem. They are completely different risk categories. My FDE password is absurdly long and complicated, since I never want someone who gains physical access to get all my data, but my Linux user account password isn't as long since it's main purpose is to stop someone from getting passed my lock screen if I was to leave my system unattended.


Both are 'physical access'.

If one does not power down your system, your FDE is unlocked. So they only need your Linux user account password to get access to the data on your disk.

FDE only protects your data when it's locked. Normally this is when your system is shut down.


The main difference is in the attack surface. Attacking the FDE can happen offline with infinite attempts with a large-scale operation dedicating lots of compute power. Breaking my user password has to happen on site at that exact moment and my lock screen can detect N number of failed logins and shutdown.


True but it's a slightly different category as he wouldn't leave his system on but locked in a potential high risk scenario.


You mean he would shut down a MacBook every day after us? That’s blasphemy.


At least with 10.15 and earlier you can configure MacOS to hybernate after certain amount of time when it will ask for FDE password on wake up and load everything from the disk.


Separation is still recommended.

Storage encryption can be attacked differently than a running system.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: