
Comments
Yes. Grub 2.14 (just released a couple of weeks ago) has full Argon2 support.
See: https://www.phoronix.com/news/GRUB-2.14-Released (just a search link pasted - nothing special).
I'm shocked, SHOCKED to learn that microsoft and the authorities there are in bed!
/sarcasm off
In bed = no warrant needed.
Warrant needed = every lawful business operating in the jurisdiction they operate in.
No need for tinfoilers here. Seriously, get a real fucking job in the real world.
Microsoft is Microsoft, bad is bad.
I get the concern, and yes, corruption exists. It always has, and it always will. No disagreement there. Unfortunately
But let me ask something a bit uncomfortable:
If your child was raped, or a close family member was murdered, and the only solid evidence was sitting on an encrypted device owned by the convicted suspect — would you really argue that judges and authorities should be locked out forever because “encryption is sacred”?
Or would you want the courts to have lawful access to decrypted data so they can actually build a case and put the person responsible behind bars?
This isn’t about blanket surveillance or giving governments a magic backdoor to everyone’s life. It’s about due process, warrants, and extreme cases where evidence matters. Simple answers sound good online, but real life is more complicated.
You can oppose mass data collection and still acknowledge that lawful access, under strict judicial oversight, has a place. Otherwise the outcome is simple: it is what it is, and justice stops where encryption begins.
I use LUKS2 for non-system drives. When I used it for the system drive, it took an insanely long time for GRUB2 to unlock it, so I gave up on that. Surely there's a way to make it work faster, though.
I think that's set when the encrypted device is created & is controlled by
--iter-time (2 seconds by default nowadays). I set 5 seconds as I reboot probably once a month.
If you create a new key you can also change it.
If I remember correctly, grub took several minutes to unlock it. Maybe with grub 2.14 having argon2 support, it would be faster. I doubt Debian stable will get it until forky 1.5 years from now, though.
I did speed it up a bit, like this:
cryptsetup luksConvertKey --pbkdf-memory=65536 --pbkdf-force-iterations 4 /dev/sdc1
But I doubt even that would help grub enough.
Yes, they should remain locked out. Do you know what an EDR is and why it allows anyone in the world to bypass this "strict judicial oversight" for about $200?
In the real life, criminals do not have flawless opsec and evidence can be uncovered using good old-fashioned investigative techniques without weakening everyone's privacy. The situation where encryption is the one and only thing in the way of catching a murderous rapist is a thing of movies, not real life.
I suspect that's a matter of GRUB2 not using code optimized for your hardware. I'm sure cryptsetup is using AVX512 when it supports it. Maybe GRUB2 isn't even using SSE.
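The posts above boil down to two checks a practitioner would run before trusting GRUB to unlock a LUKS2 root: which PBKDF each keyslot uses (GRUB before 2.14 only implements PBKDF2, and, as noted earlier in the thread, 2.14 added Argon2), and how many iterations a PBKDF2 slot carries, since GRUB's unaccelerated code pays for every one of them at boot. The script below is an added example written for this thread, not code posted by anyone here. It parses the text that `cryptsetup luksDump <device>` prints for a LUKS2 header, reports per keyslot whether a given GRUB version can open it, and gives a rough unlock estimate for PBKDF2 slots. Assumptions: the field layout follows recent cryptsetup output (tab-indented `Name: value` lines under `Keyslots:`); the unlock estimate multiplies this host's hashlib PBKDF2 rate by a `grub_slowdown` factor that you must calibrate yourself (the default 20 is a placeholder, not a measurement); `SAMPLE_DUMP` is constructed with salts omitted. One caveat the example encodes: `--pbkdf-memory` only applies to Argon2, and `luksConvertKey` without `--pbkdf pbkdf2` leaves the slot on Argon2, which pre-2.14 GRUB cannot open at all; for a PBKDF2 slot the knob that matters is `--pbkdf-force-iterations`.

```python
"""Check LUKS2 keyslot PBKDF settings against what GRUB's luks2 module can open.

Added example, not a poster's code. Parses `cryptsetup luksDump` text, reports
per keyslot whether GRUB `grub_version` can open it, and estimates PBKDF2
unlock time from this host's hashlib rate times an assumed GRUB slowdown
factor (calibrate it yourself). SAMPLE_DUMP is constructed; salts omitted.
"""
from __future__ import annotations
import hashlib
import re
import time

GRUB_ARGON2_SINCE = (2, 14)  # first GRUB release whose luks2 module has Argon2


def parse_keyslots(dump_text: str) -> list[dict]:
    """One dict per keyslot. Entries look like '  0: luks2' followed by indented
    'Name: value' lines. Parsing stops at the next top-level section because
    'Digests:' reuses the same '  N: pbkdf2' shape and is not a keyslot."""
    slots, current, in_keyslots = [], None, False
    for line in dump_text.splitlines():
        if line.startswith("Keyslots:"):
            in_keyslots = True
            continue
        if not in_keyslots:
            continue
        if re.match(r"^\S", line):  # 'Tokens:', 'Digests:' ... end of slot list
            break
        head = re.match(r"^\s+(\d+):\s+(\S+)", line)
        if head:
            current = {"slot": int(head.group(1)), "type": head.group(2)}
            slots.append(current)
            continue
        field = re.match(r"^\s+([A-Za-z ]+?):\s*(.*)$", line)
        if field and current is not None:
            current[field.group(1).strip().lower()] = field.group(2).strip()
    return slots


def grub_can_open(slot: dict, grub_version: tuple[int, int]) -> tuple[bool, str]:
    """Whether GRUB `grub_version` can derive this slot's key, and why."""
    kdf = slot.get("pbkdf", "")
    if kdf == "pbkdf2":
        return True, "pbkdf2: openable by any GRUB with the luks2 module"
    if kdf.startswith("argon2"):
        if grub_version >= GRUB_ARGON2_SINCE:
            return True, f"{kdf}: supported since GRUB {GRUB_ARGON2_SINCE[0]}.{GRUB_ARGON2_SINCE[1]}"
        return False, (f"{kdf}: GRUB {grub_version[0]}.{grub_version[1]} has no Argon2; "
                       "convert the slot to pbkdf2 or upgrade GRUB")
    return False, f"unrecognised PBKDF {kdf!r}"


def measure_pbkdf2_rate(hash_name: str = "sha256", sample_iters: int = 20_000) -> float:
    """PBKDF2-HMAC iterations per second on this host (userspace, optimised code)."""
    t0 = time.perf_counter()
    hashlib.pbkdf2_hmac(hash_name, b"passphrase", b"0123456789abcdef", sample_iters)
    return sample_iters / max(time.perf_counter() - t0, 1e-9)


def estimate_unlock_seconds(slot: dict, userspace_rate: float, grub_slowdown: float):
    """Rough seconds for GRUB to run a pbkdf2 slot's KDF. None for Argon2, whose
    cost is dominated by the memory parameter this model does not capture."""
    if slot.get("pbkdf") != "pbkdf2":
        return None
    return int(slot["iterations"]) / userspace_rate * grub_slowdown


def suggest_convert_command(device: str, slot: dict, iterations: int) -> str:
    """cryptsetup invocation re-deriving one slot with plain PBKDF2 (string only;
    cryptsetup will prompt for that slot's passphrase when you run it)."""
    return (f"cryptsetup luksConvertKey --key-slot {slot['slot']} --pbkdf pbkdf2 "
            f"--pbkdf-force-iterations {iterations} {device}")


SAMPLE_DUMP = """\
LUKS header information
Version:       	2
Epoch:         	3
UUID:          	00000000-0000-0000-0000-000000000000

Keyslots:
  0: luks2
	Key:        512 bits
	Cipher:     aes-xts-plain64
	PBKDF:      argon2id
	Time cost:  4
	Memory:     1048576
	Threads:    4
	Salt:       (omitted)
	Area offset:32768 [bytes]
  1: luks2
	Key:        512 bits
	Cipher:     aes-xts-plain64
	PBKDF:      pbkdf2
	Hash:       sha256
	Iterations: 1000000
	Salt:       (omitted)
	Area offset:291072 [bytes]
Tokens:
Digests:
  0: pbkdf2
	Hash:       sha256
	Iterations: 116000
"""


def report(dump_text: str, grub_version=(2, 12), grub_slowdown: float = 20.0) -> list[dict]:
    """Per-slot assessment; grub_slowdown is the ASSUMED GRUB/hashlib speed ratio."""
    out = []
    for slot in parse_keyslots(dump_text):
        ok, why = grub_can_open(slot, grub_version)
        est = None
        if slot.get("pbkdf") == "pbkdf2":
            est = estimate_unlock_seconds(slot, measure_pbkdf2_rate(slot.get("hash", "sha256")), grub_slowdown)
        out.append({"slot": slot["slot"], "pbkdf": slot.get("pbkdf"), "openable": ok,
                    "reason": why, "est_seconds": est})
    return out


if __name__ == "__main__":
    for row in report(SAMPLE_DUMP):
        print(row)
    print(suggest_convert_command("/dev/sdc1", parse_keyslots(SAMPLE_DUMP)[0], 200_000))
```

Run it against `cryptsetup luksDump /dev/sdX | python3 script.py`-style input of your own (replace `SAMPLE_DUMP`), and calibrate `grub_slowdown` by timing one real GRUB unlock against the script's estimate before trusting the numbers; the useful output is the per-slot openable/not-openable verdict, which does not depend on that factor.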
@forest
Yes, I know what EDR is and it doesn’t break encryption. It works because whoever controls the endpoint already has access to data before or after encryption is applied. That’s an argument for better endpoint governance and transparency, not for giving courts zero ability to access evidence under judicial oversight.
Providing BitLocker recovery keys to a government agency under a lawful court order has nothing to do with EDR. These are entirely different mechanisms, operating at different layers, with very different legal and technical implications.
These are not the same thing. One involves technical control of a system, the other involves legal access to an encrypted system under a court order.
Courts should have zero ability to access private data that is encrypted with a password, just like they should have zero ability to access our memories. They can investigate without limiting everyone's privacy.
Not to mention, courts can and will be corrupt, and not all courts are those of $insert_your_trustworthy_country_here. You will quickly find that the same tools used to catch these hypothetical murderous rapists who cannot be caught by any other method are also used to track down dissidents and journalists. Do you really think that Snowden, or anyone exposing serious issues, would really get a pass from the courts?
Sure, I'd love better endpoint governance and transparency, but it doesn't stop the fact that "lawful interception" technologies are always going to be insecure:
Funny how it’s exactly those courts you’ll end up running to when you have a real problem in life. Ping me then.
Until that moment, it’s easy to argue in absolutes and compare encryption to human memory. Reality tends to be less philosophical when you actually need justice to function.
And I'd hope they could solve my problem without violating everyone's privacy. If I need help from the courts, I want them to help me using good old-fashioned investigation. I am not against the concept of law as you seem to be implying.
This is the very reason I run nearly 40 tor relays, I2P routers, and Freenet nodes: They are all technologies that are, by design, very difficult for anyone to compromise on a broad scale. That includes the government.
Never mind, I think you misunderstood my input on the matter.
Based on the statement:
I think you misunderstood mine as well, because my need for a lawful society is completely orthogonal to my disagreement with "lawful interception", i.e. backdoors, as a whole.
I get it; Some really horrible things happen in the world and it would be very nice if the good guys were unconstrained by encryption or privacy, but in reality, the good guys aren't always good, the bad guy's aren't always bad, and backdoors, no matter how securely they're implemented, will always be possible for others to abuse.
Regarding the comparison between encrypted content and the mind, that's actually a comparison made by US courts and is a major reason why the 5th Amendment largely prohibits key disclosure laws unless the contents of the plaintext are already known ("a foregone conclusion" as in In re Boucher).
I don't think definitive proof is required when the rest of the evidence point to the accused.
Indeed. And there will exist evidence everywhere to convict them, if they are in fact guilty.
Yes, only if the police and prosecutor aren't corrupt to cover up such activities.
Or to dismiss the case because they know they'll look better when their budget is being evaluated if they catch 2000 small time criminals (and innocent victims caught up in their traps) than putting in the effort to catch a few actual monsters that take (gasp) actual effort to stop.
Yes, they choose the low hanging fruit, while serial criminals aren't caught. Even if they did, they will be released early because of prison overcapacity, and nothing can be done because pork barrel projects and welfare payments are prioritized.
It's part of the bargain, fully expected behavior when you choose to deal with the devil.
I mean, if you're uploading the recovery key to a company that's known to work with law enforcement, you kind of have no one but yourself to blame... Now, it would be a different story if they never uploaded the keys and instead they have a backdoor/algorithm to generate the key but reading the story, it seems like they use microsoft to backup their key.
P.S. Even signing in to my microsoft on windows, it has always asked me how to backup my bitlocker recovery key, it hasn't been automatic...
Microsoft has to comply with a court order. The key is on MS's system.
If they are, I need to revisit it because my current remote-unlock FDE monstrosity is a bit janky.
A court order, or a script kiddie with $200 and willingness to use an EDR.
This! I am baffled by this as well, are they testing how tolerant people are? Because this is the opposite of Apple a few years back. They refused to cooperate, so the US gov used a 3rd party company that somehow knew to send a very specific command to a closed OS to unlock an iPhone. And yet nobody questioned how that is possible.
This time they just outright admitted it to see what's gonna happen? Windows was never that secure once you have physical access to begin with!? I might believe they need help breaking Apple, but Windows?
The cases are a bit different, as Apple did not already have the key. They were looking at being compelled to create a backdoored software update that is targeted to the suspect's phone, and they rightfully fought against that.
In this case, MS has the key on their systems already because, of course, they don't give a rat's ass about privacy. So MS set itself up to be in a position where the data is easily accessible by them, greatly weakening any legal argument they could have against blind compliance.