On 12/4/19 6:59 PM, John M. Harris Jr wrote:
> On Wednesday, December 4, 2019 12:38:20 PM MST Przemek Klosowski via devel wrote:
>> - stolen/lost laptop: I think this is the most important one for most
>> people; it is mitigated by a trusted-network-based decryption, unless
>> the device is in unencrypted sleep mode and the new 'beneficial owner'
>> manages to read the disk before the system goes down.
> That may be the case for home users, but not for businesses. Let's take this
> example. Employee A has files from a given project, but Employee B doesn't
> have access to that project. Employee B is malicious, and takes Employee A's
> laptop, gets it on the network, it unencrypts itself and then takes it.
Defending against a threat model allowing physical access and
malicious insiders, who e.g. install a screen/keyboard capturing
camera in the target office, is an entirely different ballgame,
requiring multi-factor authentication, etc. --- and even those are
not infallible (cf. WikiLeaks).