On 10/13/2015 02:15 AM, Gustav Degreef wrote:
For me, setting a master password has only one real use. That is to prevent someone who gets hands on access to my laptop from being able to read my passwords (both for TB and Firefox). It's only of use when I stay in hotels (and that is a fair amount because of work). And I also figure that if the laptop is stolen, then it buys me some time so that I can change my passwords.
Having a laptop stolen is a perfectly reasonable risk scenario. My question is this: Why don't you just encrypt the drive or at the very least the data partition. There are many perfectly good mechanisms for this. Alternatively, in the mobile setting, strip down the 'laptop' (or use a cheapie burner from Goodwill) and use a USB stick as your /home. Remove the USB stick when no using the laptop. Rather than play yes-but games over this, I'm sure other members of the list can offer variations on this theme which are going to be quite viable. I'd be surprised if many of those were from people actually using them in situations similar to yours. I know from my own experience that I can fir a basic running opensuse system on a 16G stick, and I can get quality (e,g, Kingston, SanDisk) stick of that size for about $10 or less. Running a LiveUSB system from a stick isn't going to be as fast as the laptop's embedded drive, especially if that is a SSD! But its secure. Lower quality 32G sticks are about $5 on eBay, but you'll need to run an error check! I see 64G sticks for $12 or so. YMMV. Right now I have a Aegis Secure Key 3.- that the company has given me to evaluate. This is a USB3 device with a secure PIN access that uses AES 'hardware' encryption. It is bootable . The PIN can be up to 16 digits. It has admin mode and user mode. Each has their own PIN. These things are not cheap, http://www.apricorn.com//products/hardware-encrypted-drives/aegis-secure-key... but if you want security, especially at the corporate level, then this does not seem unreasonable. A 30G system on a bootable encrypted stick that can be used with a briner cheapie laptop or the hotels PC in their "office centre" or a "internet café"... for $200 ... The risk/Return threat abatement ratio seems quite reasonable to me. Of course if anyone is willing to offer a way to implement a bootable encrypted system using the basic tools for a regular Kingston 32G stick costing, what? $15 http://www.amazon.com/Kingston-Digital-32GB-DataTraveler-Drive/dp/B0041Q38QM than let us know about it and the details. If I get permission I'll let you guys know about the report on the Capricorn Aegis. Of course there is another way, one that is particularly effective if you need to cross borders and worry about the people at the border crossings confiscating your equipment. Take a 'virgin'/burner/ laptop that has nothing significant on it, not even 'erased/recoverable (even by the NSA) stuff, or possibly acquire a burner at your destination: no passwords, no contents beyond the default installation. Memorize two long passwords or passphrases: one to your Dropbox account, the second to your password vault in that Dropbox account. When you’re at your destination, install Dropbox, install Bittorrent Sync, open your vault and retrieve the key to your Bittorrent Sync and sit back and watch as your home folder (or whatever folders you put in BT Sync) is synced to your computer. Before going back, let BT Sync finish syncing, then wipe the machine before leaving. This way, nothing crosses the border but two passwords in your head. Nothing physical, nothing written down, nothing on the hard drive. If you really want to be smart about it, you might take something like Raspberry Pi as the 'engine', since it can be more minimalist. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org