Am 23.10.2023 um 12:53:14 Uhr schrieb lester29:
> 1. Does an encryption key on the USB protect against rubber-hose > cryptanalysis? No, the LUKS headers are viewable. You need another layer around that supports hidden containers. > 2. Is it true that key on pendrive is more risky than password > because someone can steal the usb key and access data without the > need of password? Only save they key encrypted, so the password is needed to access it. The place it is saved is irrelevant. > 3. What do you think about simply encrypting the > disk with LUKS and do encrypted backups? Be aware that the boot loader and the /boot aren't encrypted by default and they can be attacked (e.g. simply place a tainted kernel inside) by anybody who has access to the harddisk. Use an ATA password as additional security and maybe also case opening warning, if you system supports that. Backups must also be encrypted, that is a no-brainer.
