I was recently intrigued to learn that only half of the respondents to a survey said that they used disk encryption. Android, iOS, macOS, and Windows have been increasingly using encryption by default. On the other hand, while most Linux installers I’ve encountered include the option to encrypt, it is not selected by default.
Whether it’s a test bench, beater laptop, NAS, or daily driver, I encrypt for peace of mind. Whatever I end up doing on my machines, I can be pretty confident my data won’t end up in the wrong hands if the drive is stolen or lost and can be erased by simply overwriting the LUKS header. Recovering from an unbootable state or copying files out from an encrypted boot drive only takes a couple more commands compared to an unencrypted setup.
But that’s just me and I’m curious to hear what other reasons to encrypt or not to encrypt are out there.
My issue is that I can never remember “a couple more commands” for the life of me. And I use Arch BTW, so the likelihood of me needing those is a bit higher than usual.
My drives are not encrypted because it’s a hassle if things start going wrong. My NAS is software raid so the individual disks mean nothing anyway. The only drive that is encrypted is my backup disk and I’m not really sure if it was needed.
I don’t but admittedly I don’t do much stuff on my laptop that’s super secure. it’s mainly for gaming and the odd programming project.
Honestly… Why bother? If someone gains remote access to my system, an encrypted disk won’t help. It’s just a physical access preventer afaik, and I think the risk of that being necessary is very low. Encrypted my work computer because we had to and that environment also made it make more sense, I technically had sensitive customer info on it, though I worked at Oracle so of course they had to make it as convoluted and shitty as possible.
I encrypt everything, with unique complex passwords, that I have a safe mnemonic system for remembering and retrieving.
I have no significant private data on my disks. They can be wiped whether encrypted or not if they’re stolen. And I like that in theory if my pc explodes I can recover the data with only the drive.
I do, laptops and workstations.
It’s just too easy not to, and there’s almost no downsides to it. (I only need to reboot, once a month or two.)
Well, unless you consider the possibility of forgetting the password a downside, so for that reason I keep the password in a password manager.
In case my laptop was stolen, there would quite a couple fewer things to worry about. Especially things like client’s data which could be under NDA’s, etc…
are you guys using the bios ssd encryption option or a software solution?
LUKS (I was assuming that’s kind of implied, I don’t think I ever thought of another way…)
I’m using LVM. The BIOS solution would be a bad idea because it would be more difficult to access the drive on other systems if you had to; LVM allows you to enter your password on other systems to decrypt.
Don’t you mean LUKS with LVM on top? (That’s what I use, I’m not sure LVM alone even supports encryption…)
Yes, fellow OpenTTD player.
OpenTTD player
It’s nice when people guess which AI i used to generate my avatar.
Yes. Encrypting your entire hard drive has basically been a tickbox in the Fedora installer for a long time now. No reason why I wouldn’t do it. It’s, easy, doesn’t give me any problems and improves my devices security with defence-in-depth. No brainer.
It’s a smidge more difficult on Debian if you want to use a non-ext4 filesystem - granted for most people, ext4’s probably still fine. I use it on my desktop, which doesn’t have encryption.
No.
I spend a significant amount of time on other things, e.g. NOT using BigTech, no Facebook, Insta, Google, etc where I would “volunteer” private information for a discount. I do lock the physical door of my house (most of the time, not always) and have a password … but if somebody is eager and skilled enough to break in my home to get my disks, honestly they “deserve” the content.
It’s a bit like if somebody where to break in and stole my stuff at home, my gadgets or jewelry. Of course I do not welcome it, nor help with it hence the lock on the front door or closed windows, but at some point I also don’t have cameras, alarms, etc. Honestly I don’t think I have enough stuff worth risking breaking in for, both physical and digital. The “stuff” I mostly cherish is relationship with people, skills I learned, arguably stuff I built through those skills … but even that can be built again. So in truth I don’t care much.
I’d argue security is always a compromise, a trade of between convenience and access. Once you have few things in place, e.g. password, 2nd step auth, physical token e.g. YubiKeyBio, the rest becomes marginally “safer” for significant more hassle.
but if somebody is eager and skilled enough to break in my home to get my disks, honestly they “deserve” the content.
The problem with “my disks” is there’s always some other’s people on it, in one way or another.
But of course, it’s your call. We all have gaps in our “walls” and it’s not like I’d be pretending that LUKS is all that matters.
Full disk encryption on everything. My Servers, PCs etc. Gives me peace of mind that my data is safe even when the device is no longer in my control.
I used to, but it’s proven to be a pain more often than a blessing. I’m also of the opinion that if a bad actor capable of navigating the linux file system and getting my information from it has physical access to my disk, it’s game over anyway.
I’m also of the opinion that if a bad actor capable of navigating the linux file system and getting my information from it has physical access to my disk, it’s game over anyway.
I am sorry but that is BS. Encryption is not easy to break like in some Movies.
If you are referring to that a bad actor breaks in and modifies your hardware with for example a keylogger/sniffer or something then that is something disk encryption does not really defend against.
That’s more what I mean. They won’t break the encryption, but at that point with physical access to my home/ computer/ servers, I have bigger problems.
There’s very little stored locally that could be worse than a situation where someone has physical access to my machine.
No. I break my system occasionally and then it’s a hassle.
I don’t really see the point. If someone’s trying to access my data it’s most likely to be from kind of remote exploit so encryption won’t help me. If someone’s breaks into my house and steals my computer I doubt they’ll be clever enough to do anything with it. I guess there’s the chance that they might sell it online and it gets grabbed by someone who might do something, but most of my important stuff is protected with two factor authentication. It’s getting pretty far fetched that someone might be able to crack all my passwords and access things that way.
It’s far more likely that it’s me trying to recover data and I’ve forgotten my password for the drive.
My laptops are encrypted in case they get stolen or someone gets access to them at uni.
