|
|
|
|
|
|
by Vecr
1150 days ago
|
|
|
Intentionally entering wrong pins to lock out is probably destruction of evidence, and pins are so short I would not trust them. Just have an at least 15-length base32 password that's randomly generated with `echo "$(openssl rand -base64 20 | base64 --decode | base32 | head -c 15)"` or whatever. You might want it to be lowercase instead, or base64 for more entropy. That command should be secure on OpenSSL 1.1.1 or later, and combined with argon2id over 4GiB of memory and 12+ rounds, should be pretty much uncrackable. |
|
|
It's all seems pretty arbitrary to me as to whether something is considered destruction of evidence and it's very US-centric anyway. So I'd say yes, deniable encryption is needed. If they decide you're not playing ball, then you'll be punished. The difference is whether they will use a legal system for that in a First World country or something else if you're not so lucky.