> And if there is a procedure to let me move the disk to a new machine, somebody can wrench me until I perform that procedure for them.
I think the implication is that they (the attacker) don't have the machine, or you, or whatever "thing" you have/use to unlock it.
If someone stole your disk, or took a copy of it, they can't offline attack it.
An external hardware device seems preferable for this scenario; if someone steals/snatches your laptop, they won't have your YubiKey or whatever.
In any scenario where the wrenching is an option, I suspect all bets are off, but if wrenching is a real risk, and whatever you're protecting is worth taking a wrenching for (as opposed to just giving it up at the threat of a wrenching), there should probably be some tougher protections which make it clear that the wrenching will gain an attacker nothing, and hopefully save you from it to begin with.
I'm not sure what or how that would work.