No, I don't encrypt. I am a grown ass man and I rarely take my laptop out of my home. I don't have any sensitive data on my various machines. I do use secure and encrypted cloud services to store things that I consider a security risk. Everything else is useless to a potential intruder.
this post was submitted on 16 Jan 2025
145 points (98.0% liked)
Linux
49050 readers
806 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
Most mobile/laptop devices should be encrypted by default. They are too prone to loss or theft. Even that isn't sufficient with border crossings where you are probably better off wiping them or leaving them behind.
My desktop has no valuable data like crypto, sits in a locked and occupied house in a small rural community with relatively low crime (public healthcare, social security, aging population). I have no personal experience of property theft in over half a decade.
I encrypt secrets with a hardware key. They are only accessed as needed. This is a much more appropriate solution than whole disk encryptiom for my circumstances. Encrypting Linux packages and steam libraries doesn't offer any practical benefit and unlocking my filesystem at login would not protect from network exfiltration which is a more realistic risk. It adds overhead.and another point of failure for no real benefit.
Yes. I have sensitive info in my PC (work credentials) and in the case of a break-in, last thing I want is to jeopardize my job.
I wanted to but everyone on Lemmy told me I was an idiot for wanting a feature Mac and Windows have had for a decade (decrypt on login) .
But seriously it's just not there on Linux yet. Either you encrypt and have two passwords, or give up convenience features like biometrics. Anything sensitive lives somewhere else.
You're an idiot, go back to macOS you fucking normie
(/s, I'm also waiting for TPM encryption + user home encryption)
Clevis pretty much does TPM encryption and is in most distros' repos. I use it on my Thinkpad. It would be nice if it had a GUI to set it up; more distros should have this as a default option.
You do have to have an unencrypted boot partition, but the issues with this can at least in be mitigated with PCR registers, which I need to set up.
I made the mistake of not setting up encryption on my main 45TB zfs pool so I'm currently backing up everything on there to tape so I can recreate the pool (also need to change from mirrored to raidz) and then copying everything back to the drives. Although writing and reading each are around 6 days continuesly. Didn't want to bite the bullet and pay more then I absolutely had to and only got a LTO-4 drive and tapes.
Asahi Linux doesn't support encryption and getting it to work requires a lot of steps and that I reinstall it which I don't have time for, so I don't have it enabled on my laptop, and if it gets stolen or confiscated I'm fucked.
I have it enabled on my server and phone.
@sudoer777 @monovergent , create an encrypted container? It's a little tedious, but fairly distro agnostic.
Edit: Definitely throw together scripts to simplify the process of unlocking and mounting.
Honestly... Why bother? If someone gains remote access to my system, an encrypted disk won't help. It's just a physical access preventer afaik, and I think the risk of that being necessary is very low. Encrypted my work computer because we had to and that environment also made it make more sense, I technically had sensitive customer info on it, though I worked at Oracle so of course they had to make it as convoluted and shitty as possible.
Can you explain why if someone get access to your encrypted disk, they would have access to its contents?
If someone can execute arbitrary code on my computer, it doesn't matter that the disk is encrypted, because I've already booted the machine up and entered the key. I'm certainly not the most cryptographically knowledge but using LUKS on Oracle Linux, I'd enter the key once while starting up, past that point there was no difference between an encrypted and unencrypted system. It seems logical to me, then, that if something can execute arbitrary code, it's after that point, so encryption won't matter to it. Encryption is more of a solution to someone physically obtaining your hard drive and preventing them from having access to the contents simply by plugging it into their system.
Or at least that's my understanding, please correct me if I'm mistaken.
You're somewhat right in the sense that the point of disk encryption is not to protect from remote attackers. However, physical access is a bigger problem in some cases (mostly laptops). I don't do it on my desktop because I neither want to reinstall nor do I think someone who randomly breaks in is going to put in the effort to lug it away to their vehicle.
Certainly didn't mean to say it's never useful, just not useful for me
I don't encrypt my entire drive, but I do have encrypted directories for my sensitive data. If I did encrypt an entire drive, it would only be the drive containing my data not the system drive.
but I do have encrypted directories for my sensitive data
What do you use for encrypted directories? Ecryptfs?
My drives are not encrypted because it's a hassle if things start going wrong. My NAS is software raid so the individual disks mean nothing anyway. The only drive that is encrypted is my backup disk and I'm not really sure if it was needed.
I do not as I do not have any sensitive data and what data is sensitive are the digital documents which are securely encrypted by default via id card and its passwords.
If I start having something worth protecting I will turn on fedoras encryption. But until then anyone who manages to steal my 100 eur thinkpad and guess its password is welcome to try out linux and see if they like it I guess.
They don't need to guess the password. If you don't have full disk encryption I can just run another os in live mode and mount your drive and read everything. And even change the password to your fedora, by changing the hash in shadow file
oh no, if they changed the password and I got it back somehow, I could finally have an excuse to try out mint.
I don't but admittedly I don't do much stuff on my laptop that's super secure. it's mainly for gaming and the odd programming project.
No.
I spend a significant amount of time on other things, e.g. NOT using BigTech, no Facebook, Insta, Google, etc where I would "volunteer" private information for a discount. I do lock the physical door of my house (most of the time, not always) and have a password ... but if somebody is eager and skilled enough to break in my home to get my disks, honestly they "deserve" the content.
It's a bit like if somebody where to break in and stole my stuff at home, my gadgets or jewelry. Of course I do not welcome it, nor help with it hence the lock on the front door or closed windows, but at some point I also don't have cameras, alarms, etc. Honestly I don't think I have enough stuff worth risking breaking in for, both physical and digital. The "stuff" I mostly cherish is relationship with people, skills I learned, arguably stuff I built through those skills ... but even that can be built again. So in truth I don't care much.
I'd argue security is always a compromise, a trade of between convenience and access. Once you have few things in place, e.g. password, 2nd step auth, physical token e.g. YubiKeyBio, the rest becomes marginally "safer" for significant more hassle.
load more comments
(1 replies)
My issue is that I can never remember "a couple more commands" for the life of me. And I use Arch BTW, so the likelihood of me needing those is a bit higher than usual.
Full disk encryption on everything. My Servers, PCs etc. Gives me peace of mind that my data is safe even when the device is no longer in my control.
view more: next ›