Yes. I have sensitive info in my PC (work credentials) and in the case of a break-in, last thing I want is to jeopardize my job.
this post was submitted on 16 Jan 2025
162 points (98.8% liked)
Linux
49086 readers
580 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
I don't encrypt my entire drive, but I do have encrypted directories for my sensitive data. If I did encrypt an entire drive, it would only be the drive containing my data not the system drive.
but I do have encrypted directories for my sensitive data
What do you use for encrypted directories? Ecryptfs?
I don't think I encrypt my drives and the main reason is it's usually not a one-click process. I'm also not sure of the benefits from a personal perspective. If the government gets my drives I assume they'll crack it in no time. If a hacker gets into my PC or a virus I'm assuming it will run while the drive is in an unencrypted state anyway. So I'm assuming it really only protects me from an unsophisticated attacker stealing my drive or machine.
Please educate me if I got this wrong.
Edit: Thanks for the counter points. I'll look into activating encryption on my machines if they don't already have it.
A big benefit of encryption is that if your stuff is stolen, it adds a lot of time for you to change passwords and invalidate any signed in accounts, email credentials, login sessions, etc.
This is true even if a sophisticated person steals the computer. If you leave it wide open then they can go right in and copy your cookies, logins, and passwords way faster. But if it's encrypted, they need to plug your drive into their system and try to crack your stuff, which takes decent time to set up. And the cracking itself, even if it takes only hours, would be even more time you can use to secure your online accounts.
On Linux, my installs always had a checkbox plus a password form for the encryption.
load more comments
(6 replies)
GNOME disks is a nice GUI that lets you setup disks with ease. Encryption can be easily setup with it.
load more comments
(3 replies)
Full disk encryption on everything. My Servers, PCs etc. Gives me peace of mind that my data is safe even when the device is no longer in my control.
I don't wanna risk losing anything on the drive thats important .
May i suggest a technique for remembering the password?
write it down
but instead of writing down the password, write down questions that only you can reasonably answer. For example:
- what was the name of the first girl i kissed?
- where did i go to on summer camp?
- which special event happened there?
and the answer would be: "mary beach rodeo" or idk what. this way, you construct a password out of multiple words that each are an answer to a simple question.
Maybe I might try this, and am open to advice :)
mary beach rodeo
thank you for sharing your password 😜
load more comments
(10 replies)
Its that simple.
I can expand my own creativity and store every thought and creative Art, without anybody being able to find out after my death or while someone raids me.
Maybe I stored an opinion against some president, and maybe the government changed its working, which allows police to raid someone for little suspection.
You never know if you ever have something to hide. While things are okay now and today, it might be highly illegal tomorrow.
Those are ideas. But generally its only about the feeling of privacy.
My Laptop and Phone have encrypted drives, my Desktop doesn't.
i'd really like to. but there is ONE big problem:
Keyboard layouts.
seriously
I hate having to deal with that. when I set up my laptop with ubuntu, I tried at least 3 thymes to make it work, but no matter what I tried I was just locked out of my brand-new system. it cant just be y and z being flipped, I tried that, maybe it was the french keyboard layout (which is absolutely fucked) or something else, but it just wouldnt work.
On my mint PC I have a similar problem with the default layout having weird extra keys and I just sort of work around that, because fuck dealing with terminals again. (when logged in it works, because I can manually change it to the right one.)
Now I do have about a TerraByte of storage encrypted, just for the... more sensitive stuff...
While dealing with the problems I stumbled across a story of a user who had to recover their data using muscle-memory, a broken keyboard, the same model of keyboard and probably a lot of patience. good luck to that guy.
load more comments
(2 replies)
My issue is that I can never remember "a couple more commands" for the life of me. And I use Arch BTW, so the likelihood of me needing those is a bit higher than usual.
I don't but admittedly I don't do much stuff on my laptop that's super secure. it's mainly for gaming and the odd programming project.
I started encrypting once I moved to having a decent number of solid state drives as the tech can theoretically leave blocks unerased once they go bad. Before that my primary risk factor was at end of life recycling which I usually did early so I wasn’t overly concerned about tax documents/passwords etc being left as I’d use dd to write over the platters prior to recycling.
load more comments
(3 replies)
I encrypt everything, with unique complex passwords, that I have a safe mnemonic system for remembering and retrieving.
I made the mistake of not setting up encryption on my main 45TB zfs pool so I'm currently backing up everything on there to tape so I can recreate the pool (also need to change from mirrored to raidz) and then copying everything back to the drives. Although writing and reading each are around 6 days continuesly. Didn't want to bite the bullet and pay more then I absolutely had to and only got a LTO-4 drive and tapes.
Almost everything that can be is: laptops, desktop, servers (LUKS), phone (grapheneos)
I use encryption on laptops, because they can be stolen in the train, bus, etc. On work desktop, I do so as well, because there are many people around. However, on everything that stay at home, I prefer not to use it to simplifiy things and get more performance.
I would strongly encourage people to encrypt their on site data storage drives even if they never leave the house and theft isn’t a realistic thing that can happen.
The issue is hard drive malfunction. If a drive has sensitive data on it and malfunctions. It becomes very hard to destroy that data.
If that malfunctioning hard drive was encrypted you can simply toss it into an e-waste bin worry free. If that malfunctioning drive was not encrypted you need to break out some heavy tools tool ensure that data is destroyed.
If your drive starts malfunctioning, then without encryption you might be able to read some sectors and recover a few things. With encryption you are SOL.
load more comments
(1 replies)
Great point.
I provided reasons why I encrypted my drives but this one is even better.
(Another one could be if you need to get your computer to a repair shop, and for some reason you can't just remove the drive.)
load more comments
(1 replies)
load more comments
(7 replies)