I’ve enabled full hard drive encryption on all of my devices.

The only exception is my homeserver (mainly running Nextcloud), where all of my personal data is stored.

I’m the only user and have chosen a very strong root- and user password.

From what I’ve researched, the only person who can see my data physically is the super user (aka. me), but if someone else doesn’t have the password, they can’t read anything critical and my personal data are safe from the eyes of others.

Is that correct? If it is, why does LUKS exist?

  • Kalash@feddit.ch
    link
    fedilink
    arrow-up
    5
    ·
    edit-2
    1 year ago

    If the hard drive isn’t encrypted you can always physically remove it and connect it to another system to access your data.

  • cbarrick@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    1 year ago

    An encrypted hard drive means that someone cannot physically steal your hard drive and read its contents.

    Encryption-at-rest is generally moot against RCE exploits, because your OS will happily decode files that your programs have permission to read.

    That said, on modern systems, encryption is cheap. So set it up if you can.

  • sashanoraa
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    As others have said drive LUKS is primarily meant to protect against someone getting your data if they physically steal your device/drive. This is less of a risk for a home server then say a laptop or phone.