this post was submitted on 16 Jan 2025

156 points (98.8% liked)

Linux

49059 readers

528 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r

156

Do you encrypt your drives and why or why not? (lemmy.ml)

submitted 1 day ago by monovergent@lemmy.ml to c/linux@lemmy.ml

216 comments fedilink hide all child comments

I was recently intrigued to learn that only half of the respondents to a survey said that they used disk encryption. Android, iOS, macOS, and Windows have been increasingly using encryption by default. On the other hand, while most Linux installers I've encountered include the option to encrypt, it is not selected by default.

Whether it's a test bench, beater laptop, NAS, or daily driver, I encrypt for peace of mind. Whatever I end up doing on my machines, I can be pretty confident my data won't end up in the wrong hands if the drive is stolen or lost and can be erased by simply overwriting the LUKS header. Recovering from an unbootable state or copying files out from an encrypted boot drive only takes a couple more commands compared to an unencrypted setup.

But that's just me and I'm curious to hear what other reasons to encrypt or not to encrypt are out there.

you are viewing a single comment's thread
view the rest of the comments

[–] BrianTheeBiscuiteer@lemmy.world 21 points 1 day ago* (last edited 1 day ago) (4 children)

I don't think I encrypt my drives and the main reason is it's usually not a one-click process. I'm also not sure of the benefits from a personal perspective. If the government gets my drives I assume they'll crack it in no time. If a hacker gets into my PC or a virus I'm assuming it will run while the drive is in an unencrypted state anyway. So I'm assuming it really only protects me from an unsophisticated attacker stealing my drive or machine.

Please educate me if I got this wrong.

Edit: Thanks for the counter points. I'll look into activating encryption on my machines if they don't already have it.

[–] InFerNo@lemmy.ml 1 points 21 hours ago

GNOME disks is a nice GUI that lets you setup disks with ease. Encryption can be easily setup with it.

[–] JubilantJaguar@lemmy.world 26 points 1 day ago (1 children)

is it’s usually not a one-click process

It is, these days. Ubuntu and Fedora, for example. But you still have to select it or it won't happen. PopOS, being explicitly designed for laptops, has it by default.

If the government gets my drives I assume they’ll crack it in no time.

Depends on your passphrase. If you follow best practice and go with, say, a 25-character passphrase made up of obscure dictionary words, then no, even a state will not be cracking it quickly at all.

If a hacker gets into my PC or a virus I’m assuming it will run while the drive is in an unencrypted state anyway.

Exactly. This is the weak link of disk encryption. You usually need to turn off the machine, i.e. lose the key from memory, in order to get the full benefits. A couple of consolations: (1) In an emergency, you at least have the option of locking it down; just turn it off - even a hard shutdown will do. (2) As you say, only a sophisticated attacker, like the police, will have the skills to break open your screenlocked machine while avoiding any shutdown or reboot.

Another, less obvious, reason for encrypting: it means you can sell the drive, or laptop, without having to wipe it. Encrypted data is inaccessible, by definition.

Encryption of personal data should be the default everywhere. Period.

[–] monovergent@lemmy.ml 14 points 1 day ago* (last edited 1 day ago)

Well said. LUKS implements AES-256, which is also entrusted by the U.S. government and various other governments to protect data from state and non-state adversaries.

[–] PrefersAwkward@lemmy.world 18 points 1 day ago (1 children)

A big benefit of encryption is that if your stuff is stolen, it adds a lot of time for you to change passwords and invalidate any signed in accounts, email credentials, login sessions, etc.

This is true even if a sophisticated person steals the computer. If you leave it wide open then they can go right in and copy your cookies, logins, and passwords way faster. But if it's encrypted, they need to plug your drive into their system and try to crack your stuff, which takes decent time to set up. And the cracking itself, even if it takes only hours, would be even more time you can use to secure your online accounts.

On Linux, my installs always had a checkbox plus a password form for the encryption.

[–] Terces@lemmy.world 3 points 1 day ago (1 children)

I think this is true for computers that are in danger of being stolen. Laptops or PCs in dorms or other shared living spaces. But I live in a relatively secure area, burglaries are very rare and my PC never leaves the building. So the benefits of encryption are pretty much negligible.

[–] tapdattl@lemmy.world 6 points 1 day ago (1 children)

What are the downsides to encryption? Though you may have negligible benefits, if there are also negligible downsides then the more secure option should be chosen.

[–] tired_n_bored@lemmy.world 6 points 1 day ago (1 children)

The LUKS encryption can get corrupted
The password may be forgotten

[–] tapdattl@lemmy.world 3 points 1 day ago (1 children)

harddrives can be corrupted, too. That's where backups come in
True, though one could use a security key or password manager to overcome that, or setup secure boot/TPM to where a password isn't actually needed. If all else fails, again, backups.

[–] InFerNo@lemmy.ml 1 points 21 hours ago (1 children)

So when the laptop dies, the disk cannot be read anywhere because the tpm is lost?

[–] tapdattl@lemmy.world 2 points 18 hours ago

Correct, the hard disk in the laptop can not be read. This is where having a good backup strategy is important. Similar to how if your hard disk dies you're no longer able to access the material on the hard disk. For me, the downsides of encryption do not outweigh the benefits of having my data secure.

I enabled full disk encryption during OS installation, set up a secure passphrase, and then set up automated encrypted backups to my home server, which are automatically backed up to a remote server.

I gain peace of mind in knowing that if my laptop is stolen I'm only out the cost of the laptop, the data within is still safe and secure.

[–] boredsquirrel@slrpnk.net 6 points 1 day ago

It is a one click process if you use user friendly distros