You are viewing a single comment's thread.

view the rest of the comments →

0
0

[–] 16204072? ago 

11839039

>>11836708

>>11839060

Also, in addition to DBAN, you want to always be using full disk encryption (FDE) - but, if you use FDE, you need to have an excellent backup system, with offsite backups.

And this gets into the topic of keyfiles, like using a thumb drive to store a key for VeraCrypt. The degree to which this increases security is amazing. You go from "maybe they can guess your password" to "they gotta find that damn thumb drive".

0
0

[–] 16204078? ago 

>>11839076

about the thumb key drive, isn't it possible for someone to just map the usb drive then crack it that way? something about this doesn't add up. someone mind shedding some light on this?

0
0

[–] 16204082? ago 

Here's a discussion from VeraCrypt documentation:

Keyfiles

VeraCrypt keyfile is a file whose content is combined with a password. The user can use any kind of file as a VeraCrypt keyfile. The user can also generate a keyfile using the built-in keyfile generator, which utilizes the VeraCrypt RNG to generate a file with random content (for more information, see the section Random Number Generator).

The maximum size of a keyfile is not limited; however, only its first 1,048,576 bytes (1 MB) are processed (all remaining bytes are ignored due to performance issues connected with processing extremely large files). The user can supply one or more keyfiles (the number of keyfiles is not limited).

Keyfiles can be stored on PKCS-11-compliant [23] security tokens and smart cards protected by multiple PIN codes (which can be entered either using a hardware PIN pad or via the VeraCrypt GUI).

0
0

[–] 16204074? ago 

That is, "they gotta find that damn thumb drive AND then try to guess the password"