this post was submitted on 16 Jan 2025

167 points (99.4% liked)

Linux

49051 readers

440 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

167

Do you encrypt your drives and why or why not? (lemmy.ml)

submitted 1 day ago by monovergent@lemmy.ml to c/linux@lemmy.ml

220 comments fedilink hide all child comments

I was recently intrigued to learn that only half of the respondents to a survey said that they used disk encryption. Android, iOS, macOS, and Windows have been increasingly using encryption by default. On the other hand, while most Linux installers I've encountered include the option to encrypt, it is not selected by default.

Whether it's a test bench, beater laptop, NAS, or daily driver, I encrypt for peace of mind. Whatever I end up doing on my machines, I can be pretty confident my data won't end up in the wrong hands if the drive is stolen or lost and can be erased by simply overwriting the LUKS header. Recovering from an unbootable state or copying files out from an encrypted boot drive only takes a couple more commands compared to an unencrypted setup.

But that's just me and I'm curious to hear what other reasons to encrypt or not to encrypt are out there.

(page 2) 50 comments

sorted by: hot top controversial new old

[–] ShortN0te@lemmy.ml 5 points 1 day ago

Full disk encryption on everything. My Servers, PCs etc. Gives me peace of mind that my data is safe even when the device is no longer in my control.

[–] Bananable@feddit.nl 13 points 1 day ago

My laptops are encrypted in case they get stolen or someone gets access to them at uni.

[–] eager_eagle@lemmy.world 85 points 1 day ago* (last edited 1 day ago) (10 children)

I don't https://xkcd.com/538/

I'm convinced the chances of me losing access to the data are higher than encryption protecting it from a bad actor.

Let's be real, full disk encryption won't protect a running system and if someone has physical access and really wants it, encryption won't protect you from the $5 wrench either.

I do encrypt my phone data though, as someone running away with my phone is more realistic.

[–] patatahooligan@lemmy.world 55 points 1 day ago (1 children)

Who's gonna come at me with a $5 wrench because they really want my data, though? The attack I'm most likely to experience is someone stealing my laptop while I'm out traveling. That's what full filesystem encryption solves best.

[–] Valmond@lemmy.world 27 points 1 day ago (3 children)

Or per XKCD, where are they finding a wrench for $5??

[–] timroerstroem@feddit.dk 11 points 1 day ago (1 children)

Here's one for less than 4 USD. I imagine 150 mm in length would be sufficient.

[–] Valmond@lemmy.world 7 points 1 day ago* (last edited 20 hours ago) (1 children)

Wow that's cheap!

Watch out crypt nerds!

Edit: crypto, not crypt! Leaving it 🧟‍♀️

load more comments (1 replies)

load more comments (2 replies)

[–] AnAmericanPotato@programming.dev 27 points 1 day ago

I'm not worried about getting raided by the KGB or anything like that, but break-ins happen and my computer equipment would be a prime target for theft.

I occasionally cycle my backup drives off-site, so I want those encrypted as well.

The cost of encryption is very close to zero, so I don't even entertain the question of whether I should encrypt or not. I just encrypt by default.

load more comments (8 replies)

[–] endeavor@sopuli.xyz -1 points 15 hours ago (2 children)

I do not as I do not have any sensitive data and what data is sensitive are the digital documents which are securely encrypted by default via id card and its passwords.

If I start having something worth protecting I will turn on fedoras encryption. But until then anyone who manages to steal my 100 eur thinkpad and guess its password is welcome to try out linux and see if they like it I guess.

load more comments (2 replies)

[–] giacomo@lemm.ee 40 points 1 day ago* (last edited 1 day ago) (2 children)

laptop yeah

desktop nah

load more comments (2 replies)

[–] communism@lemmy.ml 24 points 1 day ago (6 children)

I encrypt all my drives. Me and the people I know get occasionally raided by the police. Plus I guess also provides protection for nosy civilians who get their hands on my devices. Unlike most security measures, there is hardly any downside to encrypting your drives—a minor performance hit, not noticeable on modern hardware, and having to type in a password upon boot, which you normally have to do anyway.

load more comments (6 replies)

[–] ReakDuck@lemmy.ml 7 points 1 day ago* (last edited 1 day ago)

Its that simple.

I can expand my own creativity and store every thought and creative Art, without anybody being able to find out after my death or while someone raids me.

Maybe I stored an opinion against some president, and maybe the government changed its working, which allows police to raid someone for little suspection.

You never know if you ever have something to hide. While things are okay now and today, it might be highly illegal tomorrow.

Those are ideas. But generally its only about the feeling of privacy.

[–] Cysioland@lemmygrad.ml 1 points 21 hours ago

I encrypt my workstations and backups thereof on external devices. To protect against theft or a lazy state-level adversary

[–] Feathercrown@lemmy.world 1 points 22 hours ago

I have no significant private data on my disks. They can be wiped whether encrypted or not if they're stolen. And I like that in theory if my pc explodes I can recover the data with only the drive.

[–] thebardingreen@lemmy.starlightkel.xyz 1 points 22 hours ago

I encrypt everything, with unique complex passwords, that I have a safe mnemonic system for remembering and retrieving.

[–] netvor@lemmy.world 1 points 22 hours ago

I do, laptops and workstations.

It's just too easy not to, and there's almost no downsides to it. (I only need to reboot, once a month or two.)

Well, unless you consider the possibility of forgetting the password a downside, so for that reason I keep the password in a password manager.

In case my laptop was stolen, there would quite a couple fewer things to worry about. Especially things like client's data which could be under NDA's, etc...

[–] SitD@lemy.lol 1 points 22 hours ago (2 children)

are you guys using the bios ssd encryption option or a software solution?

[–] netvor@lemmy.world 2 points 22 hours ago

LUKS (I was assuming that's kind of implied, I don't think I ever thought of another way..)

[–] data1701d@startrek.website 2 points 22 hours ago (3 children)

I’m using LVM. The BIOS solution would be a bad idea because it would be more difficult to access the drive on other systems if you had to; LVM allows you to enter your password on other systems to decrypt.

load more comments (3 replies)

[–] Mwa@lemm.ee 9 points 1 day ago (11 children)

I don't wanna risk losing anything on the drive thats important .

[–] gandalf_der_12te@discuss.tchncs.de 4 points 1 day ago (2 children)

May i suggest a technique for remembering the password?

write it down

but instead of writing down the password, write down questions that only you can reasonably answer. For example:

what was the name of the first girl i kissed?
where did i go to on summer camp?
which special event happened there?

and the answer would be: "mary beach rodeo" or idk what. this way, you construct a password out of multiple words that each are an answer to a simple question.

[–] Mwa@lemm.ee 4 points 1 day ago

Maybe I might try this, and am open to advice :)

load more comments (1 replies)

load more comments (10 replies)

[–] LiamMayfair@lemmy.sdf.org 1 points 22 hours ago (1 children)

Yes. Encrypting your entire hard drive has basically been a tickbox in the Fedora installer for a long time now. No reason why I wouldn't do it. It's, easy, doesn't give me any problems and improves my devices security with defence-in-depth. No brainer.

[–] data1701d@startrek.website 1 points 20 hours ago

It’s a smidge more difficult on Debian if you want to use a non-ext4 filesystem - granted for most people, ext4’s probably still fine. I use it on my desktop, which doesn’t have encryption.

[–] hubobes@sh.itjust.works 9 points 1 day ago

My Laptop and Phone have encrypted drives, my Desktop doesn't.

[–] dbkblk@lemmy.world 5 points 1 day ago* (last edited 1 day ago)

I use encryption on laptops, because they can be stolen in the train, bus, etc. On work desktop, I do so as well, because there are many people around. However, on everything that stay at home, I prefer not to use it to simplifiy things and get more performance.

load more comments