Ah, thanks for the explanation. Also thanks for introducing me to the phrase "rubber hose cryptography", I didn't know that.
It is probably good to keep in mind what you said. All passwords are only as good as your ability to keep them to yourself.
Also remember that if someone (the feds) had physical access to your computer while the encrypted data is mounted, then the password doesn't matter. Even if you manage to turn off the computer, they could still decrypt the keys by a "cold boot attack"[1] within minutes after shutdown. Actually, anybody can do that easily. [2]
For the normal-purpose encryption this thread is about, it would be too much hassle, but if I had something I really wanted to encrypt and be sure nobody would get to it, then:
1. I would use multiple layers of encryption with the possibility to decrypt one layer in multiple ways (plausible deniability)
2. Would not rely on password only, but also use some external key/token, maybe something like this: https://www.crypto-stick.com/
3. Make access to the data quickly destroyable if I so choose. Several options come to mind. E.g. make the key/token easily destroyable by me. Another option would be to physically destroy the media where the data is stored. These would render the data inaccessible if I chose so. I would of course lose the data.
[1] https://en.wikipedia.org/wiki/Cold_boot_attack
[2] http://vr-zone.com/articles/bitlocker-pgp-truecrypt-cracked-...
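Points 2 and 3 of the post above describe a design rather than a product: a volume key that needs both a password and an external token, where wrecking the token makes the data unrecoverable. As an added example that is not code from the original post or from any product it mentions, here is that design in stdlib-only Python. The token is a stand-in class with an assumed interface (a secret that never leaves it, a `kdf` challenge, a `destroy` method), the cipher is HMAC-SHA256 in counter mode with an HMAC tag as a teaching stand-in for a real AEAD such as AES-GCM, and the PBKDF2 round count and key sizes are assumptions.

```python
# Added example, not code from the original post: a two-factor key wrap whose
# token half can be destroyed, making the data permanently unreadable (points 2
# and 3 of the post). Stdlib only; the cipher is HMAC-SHA256 in counter mode plus
# an HMAC tag, a teaching stand-in for a real AEAD such as AES-GCM. All sizes and
# round counts are assumptions.
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000   # assumption; raise until unlock takes ~1 s on your box
NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key: bytes, label: bytes) -> bytes:
    """Independent sub-key per purpose so enc and mac never share a key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: concatenate PRF(key, nonce || i), truncate."""
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output is nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before touching the ciphertext."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed: wrong key or tampered data")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class Token:
    """Stand-in for an external hardware token (assumed interface). The secret
    never leaves the token; destroy() models physically wrecking the device."""

    def __init__(self) -> None:
        self._secret = bytearray(os.urandom(32))
        self.destroyed = False

    def kdf(self, challenge: bytes) -> bytes:
        if self.destroyed:
            raise RuntimeError("token destroyed")
        return hmac.new(bytes(self._secret), challenge, hashlib.sha256).digest()

    def destroy(self) -> None:
        self._secret[:] = bytes(len(self._secret))   # best-effort wipe in Python
        self.destroyed = True


def _wrapping_key(password: str, token: Token, salt: bytes) -> bytes:
    """KEK = token.kdf(PBKDF2(password)): neither factor alone recovers it."""
    pw_key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return token.kdf(pw_key)


def create_volume(password: str, token: Token, data: bytes) -> dict:
    """Random data key, wrapped under the two-factor KEK; data under the data key."""
    salt, data_key = os.urandom(16), os.urandom(32)
    return {"salt": salt,
            "wrapped_key": encrypt(_wrapping_key(password, token, salt), data_key),
            "ciphertext": encrypt(data_key, data)}


def open_volume(volume: dict, password: str, token: Token) -> bytes:
    """Unwrap the data key, then decrypt. While this runs, data_key sits in RAM:
    that is the window the post's cold-boot remark is about."""
    kek = _wrapping_key(password, token, volume["salt"])
    data_key = decrypt(kek, volume["wrapped_key"])
    return decrypt(data_key, volume["ciphertext"])


def can_open(volume: dict, password: str, token: Token) -> bool:
    """True if the volume unlocks with this password and token."""
    try:
        open_volume(volume, password, token)
        return True
    except (ValueError, RuntimeError):
        return False


if __name__ == "__main__":
    tok = Token()
    vol = create_volume("correct horse", tok, b"the real secret")   # constructed sample
    print(can_open(vol, "correct horse", tok), can_open(vol, "wrong", tok))   # True False
    tok.destroy()                                  # the "quickly destroyable" step
    print(can_open(vol, "correct horse", tok))     # False: right password, no token
```

Two things worth noting about the design. Destroying the token is a form of crypto-shredding: the ciphertext and the password-derived half of the key are still intact, but the wrapped data key can no longer be unwrapped, which is exactly the "I would of course lose the data" trade-off the post accepts. And the protection only holds for data at rest: `open_volume` has the plain data key in memory while it runs, and a mounted volume keeps it there for as long as it is mounted, so the cold-boot caveat from the post still applies to this scheme. A real token would keep its secret non-exportable in hardware; the `bytearray` wipe here is only a gesture in that direction, since Python gives no guarantee about copies the interpreter made.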