Anti Evil Maid (AEM) - SRK password strength? Sane to use same password as for full disk encryption?


Patrick Schleizer

Nov 8, 2017, 2:30:38 PM
to qubes-users, Patrick Schleizer
How strong should the SRK password be? Should it be as strong
as a password for full disk encryption?

Is it sane to use the same password for the SRK password as well as for full disk
encryption?

Cheers,
Patrick

ludwig jaffe

Nov 8, 2017, 3:50:37 PM
to qubes-users

Think about the attack surface. The evil maid needs to come into your room and has about 2 hours to attack your machine.
The disk encryption needs to be much stronger. You take a flight to a country with some "security needs" and your laptop is shipped to your hotel 2 days after your landing.
The $agencies copied your hard disk and modified your BIOS (ME, UEFI), and you shop for a new laptop of the same series, pay cash and migrate your hard disk to the new machine.
So the $agencies are sad as they cannot capture your keystrokes, but they can work for years with your hard disk image.
The evil maid does not have so much time, and she also cannot prepare much.
So if you have problems, maybe you can decrease the security of the SRK password,
but be sure to have enough entropy in a password.

Cheers.
As all have nothing to hide, we will not need to buy a new laptop on holidays :-)

ludwig jaffe

Nov 8, 2017, 3:56:19 PM
to qubes-users
On Wednesday, November 8, 2017 at 2:30:38 PM UTC-5, Patrick Schleizer wrote:

Another analog thing: someone can exchange your laptop for a similar model and place it in your room, and you type your password into "your" computer, but this one captures it and reports it to $agencies.
So paint your laptop with glitter paint and take a photo in a secure environment. Faking the random distribution of the particles is impossible, so one can just compare the pictures to be sure to have your machine.
Just to be sure, and it looks cool :-)
