[idlewords]

As the article points out, this is easy to circumvent by removing the hard drive from your laptop. It adds a few minutes to the attack, and requires that the attacker bring a laptop, but you're still hosed.

[timf]

Not my hard drive, the disk itself is fully encrypted and won't work in other laptops without that bios password (I also use a truecrypt-like thing at the filesystem level). The main attack I need to worry about is someone replacing the keyboard, etc.

[Nekojoe]

When you get to that level of protection, the main attack I'd be worried about is the $5 wrench.

http://xkcd.com/538/

Of course as the strip also points out "Actual actual reality: nobody cares about his secrets"

[timf]

Very true, funny :-) At least with truecrypt you can give them only one of the passwords (it can do that secret "deniable" encrypted partition).

[wizard_2]

Are you using a hard drive password? Those are easily crackable as well as they usually have a vendor supplied master password. Do you mind giving more details?

[timf]

http://www.thinkwiki.org/wiki/Full_Disk_Encryption_%28FDE%29

[pmorici]

What laptop / HD combination does that, or rather how can I tell if mine supports it?

[hmmmm]

Most corporate laptops support it, IBM/Leonova do. The problem is how do you know there isn't a master password (for AMI's bios it used to be "AMIBIOS") how do you know their encryption is any good (there was an enterprise tape vendor that advertised DES encryption but actually just XORed the data with your password)

And finally how do you know they haven't done exactly the same trick but replaced your bios with one that includes a keylogger?