I have multiple computers, tablets, etc. If I have a very secure key, is there any problem with using it to encrypt all of my systems? I can remember 1 or 2 secure keys without writing them down. But any more than that, I would probably get them mixed up.
You're talking about OS Encryption, right? – SEJPM May 09 '15 at 15:48
What do you want to defend against? The answers will be different if you want to defend against casual hardware theft vs. law enforcement. – May 09 '15 at 16:49
You normally remember passwords or passphrases, not keys. – Maarten Bodewes May 10 '15 at 00:13
2 Answers
There is often a trade-off to be found between security and usability.
Sometimes you consent to lose a bit of usability for the sake of security. Sometimes you agree to lose a bit of security for the sake of usability. All that matters is to clearly understand the risk you are facing and whether or not you accept to cope with it.
In your case:
- Using disk encryption is always better than using no disk encryption. Booting from another medium or extracting the disk, for instance, will not give immediate access to your data.
- Using long passphrases is better than short passwords. The disks will most probably be resistant to brute-force attacks, so an attacker would need to find another way to get access to your passphrase (a software weakness, shoulder surfing, or a hardware keylogger where appropriate are possible examples of alternative ways to get access to your passphrase).
- Using the same passphrase on all of your encrypted devices makes this passphrase a single point of failure. If an attacker manages to get access to the passphrase on one device, he will be able to decipher the content of all the other devices.
Knowing this risk, you might find it acceptable.
For instance, if all of your devices already share the same content (mail software retrieving mail from the same mailboxes, Firefox synchronization enabled, copies of the same files or access to the same shared location (cloud storage, etc.)), then having separate encryption passphrases might be of little value.
Or, if your main concern is about one of your devices being stolen, the fact that its content will be strongly encrypted is a sufficient guarantee. A casual thief will most probably have neither the opportunity to watch or film you while typing your passphrase nor proceed with an advanced plan like installing a keylogger on your system to capture the passphrases in anticipation of stealing the devices as a next step.
I encourage you to check this thread; you will see that a strong passphrase is not necessarily a complex one with strange symbols all over the place, and moreover you will discover "@AviD's rule of usability", which I have to highlight here:
Security at the expense of usability comes at the expense of security.
Yes, there are problems. The problem is if that one key is compromised all of your accounts are compromised. It's much faster to crack one key to access 5 accounts than it is to crack 5 keys to access 5 accounts. Some systems also use weaker cryptographic methods. Even if your key is strong it could potentially be recovered easily on one system, defeating the strength of the other systems.
Well, the difference in brute-force security isn't that much. If you consider the brute-force attack, using 5 different passwords adds a mere 3 bits of security if an attacker can test all of them.
But the argument that if one system is lost, the others are lost too is still valid. – SEJPM May 10 '15 at 13:01
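An added worked example, written for this page and not taken from either answer or the comments, that puts both points above into code. It shows the "single point of failure" policy (every device unlocked by the same memorised passphrase) next to a policy the answers do not spell out but that addresses the asker's "I can only remember one or two" constraint: remember one strong master passphrase and derive a distinct, typeable passphrase per device with a slow KDF, using the device name as the salt. A passphrase captured on one device (keylogger, weak KDF on that system) is then useless on the others unless the attacker also brute-forces the master. It also computes the log2(n) extra bits an attacker must pay to break all n independent passphrases, which is what the comment's "a few bits" remark refers to. The device names, the master passphrase, the PBKDF2 iteration count and the context string are all constructed for the example; a real deployment would pick a memory-hard KDF (scrypt or Argon2) and its own parameters.

```python
import base64
import hashlib
import math

# Assumed parameters for this example (not from the thread). PBKDF2-HMAC-SHA256
# is used because it ships with the standard library; a memory-hard KDF such as
# scrypt or Argon2 would be the better choice in practice.
PBKDF2_ITERATIONS = 200_000
DERIVED_BYTES = 20                               # 160 bits -> 32 base32 chars, no padding
CONTEXT = b"per-device-disk-passphrase-v1"       # domain separation for this scheme


def derive_device_passphrase(master_passphrase: str, device_id: str) -> str:
    """Derive a distinct, typeable passphrase for one device from a single memorised master.

    The device identifier is part of the salt, so no two devices share a passphrase.
    Recovering one device's passphrase does not reveal the master or any other
    device's passphrase without a brute-force search over the master passphrase space.
    """
    salt = CONTEXT + b"\x00" + device_id.encode("utf-8")
    raw = hashlib.pbkdf2_hmac(
        "sha256",
        master_passphrase.encode("utf-8"),
        salt,
        PBKDF2_ITERATIONS,
        dklen=DERIVED_BYTES,
    )
    # lower-case base32 (a-z, 2-7) is unambiguous at a boot prompt; group it for typing
    b32 = base64.b32encode(raw).decode("ascii").lower().rstrip("=")
    return "-".join(b32[i:i + 4] for i in range(0, len(b32), 4))


def passphrase_table(master: str, devices: list, per_device: bool = True) -> dict:
    """Map each device to the passphrase that unlocks it under one of two policies.

    per_device=False: every device is unlocked by the master itself, so the
                      master is a single point of failure (the thread's concern).
    per_device=True:  every device gets its own derived passphrase.
    """
    if per_device:
        return {d: derive_device_passphrase(master, d) for d in devices}
    return {d: master for d in devices}


def devices_opened_by(table: dict, captured_passphrase: str) -> list:
    """Blast radius of one captured passphrase: which devices does it unlock?"""
    return [d for d, p in table.items() if p == captured_passphrase]


def bits_added_by_distinct_passphrases(n_devices: int) -> float:
    """Extra work, in bits, to break ALL n devices when each has an independent
    passphrase of equal strength, versus one shared passphrase: n times the work,
    i.e. log2(n). For n = 5 that is about 2.3 bits, which is why distinct
    passphrases matter for containment rather than for brute-force resistance.
    """
    return math.log2(n_devices)


if __name__ == "__main__":
    devices = ["laptop", "tablet", "desktop", "phone", "nas"]
    master = "correct horse battery staple"      # constructed sample, not a real master

    shared = passphrase_table(master, devices, per_device=False)
    derived = passphrase_table(master, devices, per_device=True)

    print("shared policy, laptop passphrase captured -> opens:",
          devices_opened_by(shared, shared["laptop"]))
    print("derived policy, laptop passphrase captured -> opens:",
          devices_opened_by(derived, derived["laptop"]))
    for d, p in derived.items():
        print(f"  {d:8s} {p}")
    print(f"{len(devices)} independent passphrases add "
          f"{bits_added_by_distinct_passphrases(len(devices)):.2f} bits "
          "against an attacker who must break all of them")
```

Note that the derived passphrases are only as strong as the master: an attacker who captures one of them still cannot do better than guessing masters and re-running the derivation, but an attacker who captures the master (for example by filming you typing it into a password manager rather than a boot prompt) gets everything, exactly as with the shared policy. The derivation only contains the damage from a per-device leak.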