> But if your box's physical security has been compromised, you're already screwed in any case.
There's a gradient to the screwage, however.
For example, I've encrypted my disk, so someone would need to steal my computer and then try bruteforcing it with some new-fangled graphics card.
With this insanity, I risk someone stealing my unencrypted traffic with a plug-and-play device any time I get up from my desk to pee. Then again, they can already do that with Wireshark.
Not just unencrypted - traffic for any website that doesn't use HSTS. All they need to do is intercept a single HTTP page and then they can modify it to contain iframes to their favorite sites over HTTP, and any site without HSTS can then be owned.
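
Added example, not part of the thread: a site operator's check of whether an observed response actually gives a host the HSTS protection the comment above refers to, following the header rules in RFC 6797. The function names and the sample header values are constructed for illustration.

```python
import re

# RFC 6797 section 6.1 grammar: directive-name [ "=" (token | quoted-string) ]
_DIRECTIVE = re.compile(r'^([A-Za-z0-9!#$%&\'*+.^_`|~-]+)(?:\s*=\s*("[^"]*"|[^\s;"]+))?$')

def parse_hsts(header_value):
    """Return the directives as a dict, or None if a browser must ignore the header."""
    directives = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives are allowed by the grammar
        m = _DIRECTIVE.match(part)
        if not m:
            return None
        name = m.group(1).lower()  # directive names are case-insensitive
        if name in directives:
            return None  # a repeated directive invalidates the whole header
        value = m.group(2)
        directives[name] = value.strip('"') if value is not None else None
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None  # max-age is required and must be a non-negative integer
    return directives

def assess(scheme, header_value):
    """Classify one observed response: is the host pinned to HTTPS afterwards?"""
    if header_value is None:
        return "unprotected: no HSTS header"
    if scheme != "https":
        return "unprotected: HSTS sent over plain HTTP is ignored"
    d = parse_hsts(header_value)
    if d is None:
        return "unprotected: malformed header is ignored"
    if int(d["max-age"]) == 0:
        return "unprotected: max-age=0 deletes the HSTS entry"
    scope = "host and subdomains" if "includesubdomains" in d else "this host only"
    return f"protected for {d['max-age']}s ({scope})"

# Constructed sample responses: (scheme, Strict-Transport-Security value)
SAMPLES = [("https", "max-age=31536000; includeSubDomains"), ("https", 'MAX-AGE="600"'),
           ("http", "max-age=31536000"), ("https", "includeSubDomains"),
           ("https", "max-age=0"), ("https", None)]

if __name__ == "__main__":
    for scheme, value in SAMPLES:
        print(scheme, repr(value), "->", assess(scheme, value))
```

Even a "protected" result only applies after the browser has seen the header once over HTTPS; the very first plain-HTTP request to a host that is not on a preload list is still exposed.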