this post was submitted on 16 Jan 2025

153 points (98.7% liked)

Linux

49051 readers

658 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

nooter692@lemmy.ml

AgreeableLandscape@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

153

Do you encrypt your drives and why or why not? (lemmy.ml)

submitted 1 day ago by monovergent@lemmy.ml to c/linux@lemmy.ml

210 comments fedilink hide all child comments

I was recently intrigued to learn that only half of the respondents to a survey said that they used disk encryption. Android, iOS, macOS, and Windows have been increasingly using encryption by default. On the other hand, while most Linux installers I've encountered include the option to encrypt, it is not selected by default.

Whether it's a test bench, beater laptop, NAS, or daily driver, I encrypt for peace of mind. Whatever I end up doing on my machines, I can be pretty confident my data won't end up in the wrong hands if the drive is stolen or lost and can be erased by simply overwriting the LUKS header. Recovering from an unbootable state or copying files out from an encrypted boot drive only takes a couple more commands compared to an unencrypted setup.

But that's just me and I'm curious to hear what other reasons to encrypt or not to encrypt are out there.

you are viewing a single comment's thread
view the rest of the comments

[–] Mwa@lemm.ee 9 points 1 day ago (2 children)

I don't wanna risk losing anything on the drive thats important .

[–] gandalf_der_12te@discuss.tchncs.de 4 points 21 hours ago (2 children)

May i suggest a technique for remembering the password?

write it down

but instead of writing down the password, write down questions that only you can reasonably answer. For example:

what was the name of the first girl i kissed?
where did i go to on summer camp?
which special event happened there?

and the answer would be: "mary beach rodeo" or idk what. this way, you construct a password out of multiple words that each are an answer to a simple question.

[–] netvor@lemmy.world 2 points 11 hours ago

mary beach rodeo

thank you for sharing your password 😜

[–] Mwa@lemm.ee 3 points 18 hours ago

Maybe I might try this, and am open to advice :)

[–] Quazatron@lemmy.world 3 points 23 hours ago (2 children)

That is a good reason to backup, but has nothing to do with encryption.

[–] EveryMuffinIsNowEncrypted@lemmy.blahaj.zone 8 points 23 hours ago* (last edited 23 hours ago) (1 children)

That is a good reason to backup

This is true.

but has nothing to do with encryption.

I disagree with this. If you forget the password for decrypting your drive, then you will have lost "anything on the drive that's important". I know because it happened to me long ago, and so now I too have been wary of disk encryption ever since then.

[–] Quazatron@lemmy.world 1 points 20 hours ago (1 children)

Encryption and backup are orthogonal domains. If you don't understand why, I'm sure you're not going to take a random strangers' opinion on the subject.

[–] utopiah@lemmy.ml 1 points 18 hours ago (2 children)

Mind expanding just a bit through? IMHO it's not orthogonal in the sense that either your backups are :

unencrypted and thus your is are safe (you have copies you can access despite losing your keys) but not secure (someone else can read the content too)
encrypted and thus your data is NOT safe if you lose your keys but secure

Isn't it?

[–] netvor@lemmy.world 1 points 11 hours ago

TBH even the way you phrased your question kind of proves it's orthogonal. Yes, you can have the full matrix:

encrypted | backed up
----------|----------
       no |        no
       no |       yes
      yes |        no
      yes |       yes

In each case, you have a different set of problems.

Encrypting a particular medium only means that it's going to be harder to gain access to the data on that medium (harder for everyone, but trillions of less harder for someone who knows the password.
- That's regardless of whether you also have a backup.
Backing up just means that a copy of the data exists somewhere else.
- That's regardless of whether this or the other copy is encrypted.

Sure, eventually, the nature of your data's safety will be affected by both.

Disclaimer: I'm by no means a security expert, don't take what I write here as advice!

Eg. I encrypt my disks. When I do, I basically encrypt everything, ie. all partitions (except /boot). Then on those partitions, most of the data is not worth backing up since it's either temporary or can be easily obtained anyway (system files). Well, some of the data is backed up, and some of that even ends up on disks that are not encrypted (scary, I know!) :)

To be fair, just encrypting the disks does not solve all. If someone broke to my house, they would with almost 100% chance find my computer on, which means that the disks are not encrypted (technically still are, just that LUKS provides unencrypted versions as well..) So the barrier they would have to face would be basically just the desktop lock.

For that reason I don't encrypt hard drives on my remote server, since the server is always running in a virtual environment so by definition anyone who's maintaining the hardware can already open files from the unencrypted drives, ie. I think it would be pointless.

[–] Quazatron@lemmy.world 1 points 18 hours ago

I keep backups (regular, incremental, remote) to keep my data safe in case something happens to my local data. This protects me from things like theft, hardware failure, accidental deletion of some important files. Having multiple generations (daily, weekly, monthly) will protect me when I delete some files and only realize weeks later.

All of this is a separated issue to having encryption or not. I encrypt both local and backup copies, and store the keys in a password manager.

See what works for you, but don't confuse the issues.

[–] Mwa@lemm.ee 5 points 23 hours ago (1 children)

I meant if I lose my encryption key I lose the data on the disk.

[–] mholiv@lemmy.world 1 points 23 hours ago (1 children)

That is a good reason to backup, but has nothing to do with encryption.

(For real though I have a backup of all of my drive LUKS headers stored on several media types on and off site.)

[–] keegomatic@lemmy.world 1 points 17 hours ago (1 children)

How would backing up help with that, though, assuming the backups are also encrypted?

I meant if I lose my encryption key I lose the data on the disk.

If they lose the key they lose the data in the backups, too. So that concern is not a good reason to backup, in my eyes.

Then, if the backups are not encrypted, then doesn’t that undermine the value of encrypting your drive/user data partition in the first place?

[–] mholiv@lemmy.world 1 points 17 hours ago

Just backup the LUKs header files. No need to encrypt them as they’re inherently secure as the hard drives they would originally reside on.