Replying to db2f6a66...

Too many people think full disk encryption solves everything. It doesn't.

Even possessing unencrypted VMs is a huge attack vector. Plausible deniability should be the first line of defense.

If a VM can't be run in an isolated, encrypted container, it loses 99% of its security.
Avatar
Rijndael 3y ago

Plausible deniability is a feature you want if you’re worried about the authorities seizing your machine. It’s not the first-line-of-defense if you’re trying to defend against compromise.

Reply to this note

Please Login to reply.

Discussion

db
db2f6a66... 3y ago

The point of isolating VMs is to isolate compromise. It makes no sense to have VMs that are easily identifiable and unencrypted. If a running machine is compromised FDE doesn't help. But isolated encrypted machines with correctly configured permissions do.

#[5]