this post was submitted on 16 Jan 2025
155 points (98.7% liked)

Linux

49051 readers
1391 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
nooter692@lemmy.ml
AgreeableLandscape@lemmy.ml
MarcellusDrum@lemmy.ml
cypherpunks@lemmy.ml
cyclohexane@lemmy.ml
d3Xt3r@lemmy.nz
155
Do you encrypt your drives and why or why not? (lemmy.ml)
submitted 1 day ago by monovergent@lemmy.ml to c/linux@lemmy.ml
213 comments fedilink hide all child comments
 

I was recently intrigued to learn that only half of the respondents to a survey said that they used disk encryption. Android, iOS, macOS, and Windows have been increasingly using encryption by default. On the other hand, while most Linux installers I've encountered include the option to encrypt, it is not selected by default.

Whether it's a test bench, beater laptop, NAS, or daily driver, I encrypt for peace of mind. Whatever I end up doing on my machines, I can be pretty confident my data won't end up in the wrong hands if the drive is stolen or lost and can be erased by simply overwriting the LUKS header. Recovering from an unbootable state or copying files out from an encrypted boot drive only takes a couple more commands compared to an unencrypted setup.

But that's just me and I'm curious to hear what other reasons to encrypt or not to encrypt are out there.

you are viewing a single comment's thread
view the rest of the comments
[–] utopiah@lemmy.ml 2 points 20 hours ago (2 children)

Mind expanding just a bit through? IMHO it's not orthogonal in the sense that either your backups are :

  • unencrypted and thus your is are safe (you have copies you can access despite losing your keys) but not secure (someone else can read the content too)
  • encrypted and thus your data is NOT safe if you lose your keys but secure

Isn't it?

[–] netvor@lemmy.world 1 points 13 hours ago

TBH even the way you phrased your question kind of proves it's orthogonal. Yes, you can have the full matrix:

encrypted | backed up
----------|----------
       no |        no
       no |       yes
      yes |        no
      yes |       yes

In each case, you have a different set of problems.

  • Encrypting a particular medium only means that it's going to be harder to gain access to the data on that medium (harder for everyone, but trillions of less harder for someone who knows the password.
    • That's regardless of whether you also have a backup.
  • Backing up just means that a copy of the data exists somewhere else.
    • That's regardless of whether this or the other copy is encrypted.

Sure, eventually, the nature of your data's safety will be affected by both.

Disclaimer: I'm by no means a security expert, don't take what I write here as advice!

Eg. I encrypt my disks. When I do, I basically encrypt everything, ie. all partitions (except /boot). Then on those partitions, most of the data is not worth backing up since it's either temporary or can be easily obtained anyway (system files). Well, some of the data is backed up, and some of that even ends up on disks that are not encrypted (scary, I know!) :)

To be fair, just encrypting the disks does not solve all. If someone broke to my house, they would with almost 100% chance find my computer on, which means that the disks are not encrypted (technically still are, just that LUKS provides unencrypted versions as well..) So the barrier they would have to face would be basically just the desktop lock.

For that reason I don't encrypt hard drives on my remote server, since the server is always running in a virtual environment so by definition anyone who's maintaining the hardware can already open files from the unencrypted drives, ie. I think it would be pointless.

[–] Quazatron@lemmy.world 1 points 20 hours ago

I keep backups (regular, incremental, remote) to keep my data safe in case something happens to my local data. This protects me from things like theft, hardware failure, accidental deletion of some important files. Having multiple generations (daily, weekly, monthly) will protect me when I delete some files and only realize weeks later.

All of this is a separated issue to having encryption or not. I encrypt both local and backup copies, and store the keys in a password manager.

See what works for you, but don't confuse the issues.