I was recently intrigued to learn that only half of the respondents to a survey said that they used disk encryption. Android, iOS, macOS, and Windows have been increasingly using encryption by default. On the other hand, while most Linux installers I’ve encountered include the option to encrypt, it is not selected by default.

Whether it’s a test bench, beater laptop, NAS, or daily driver, I encrypt for peace of mind. Whatever I end up doing on my machines, I can be pretty confident my data won’t end up in the wrong hands if the drive is stolen or lost and can be erased by simply overwriting the LUKS header. Recovering from an unbootable state or copying files out from an encrypted boot drive only takes a couple more commands compared to an unencrypted setup.

But that’s just me and I’m curious to hear what other reasons to encrypt or not to encrypt are out there.

  • Mwa@lemm.eeEnglish
    9·
    16 hours ago

    I don’t wanna risk losing anything on the drive thats important .

    • gandalf_der_12te@discuss.tchncs.de
      4·
      12 hours ago

      May i suggest a technique for remembering the password?

      write it down

      but instead of writing down the password, write down questions that only you can reasonably answer. For example:

      • what was the name of the first girl i kissed?
      • where did i go to on summer camp?
      • which special event happened there?

      and the answer would be: “mary beach rodeo” or idk what. this way, you construct a password out of multiple words that each are an answer to a simple question.

      • EveryMuffinIsNowEncrypted@lemmy.blahaj.zoneEnglish
        8·
        14 hours ago

        That is a good reason to backup

        This is true.

        but has nothing to do with encryption.

        I disagree with this. If you forget the password for decrypting your drive, then you will have lost “anything on the drive that’s important”. I know because it happened to me long ago, and so now I too have been wary of disk encryption ever since then.

        • Quazatron@lemmy.world
          21·
          11 hours ago

          Encryption and backup are orthogonal domains. If you don’t understand why, I’m sure you’re not going to take a random strangers’ opinion on the subject.

          • utopiah@lemmy.ml
            1·
            9 hours ago

            Mind expanding just a bit through? IMHO it’s not orthogonal in the sense that either your backups are :

            • unencrypted and thus your is are safe (you have copies you can access despite losing your keys) but not secure (someone else can read the content too)
            • encrypted and thus your data is NOT safe if you lose your keys but secure

            Isn’t it?

            • netvor@lemmy.world
              1·
              2 hours ago

              TBH even the way you phrased your question kind of proves it’s orthogonal. Yes, you can have the full matrix:

              encrypted | backed up
----------|----------
       no |        no
       no |       yes
      yes |        no
      yes |       yes

              In each case, you have a different set of problems.

              • Encrypting a particular medium only means that it’s going to be harder to gain access to the data on that medium (harder for everyone, but trillions of less harder for someone who knows the password.
                • That’s regardless of whether you also have a backup.
              • Backing up just means that a copy of the data exists somewhere else.
                • That’s regardless of whether this or the other copy is encrypted.

              Sure, eventually, the nature of your data’s safety will be affected by both.

              Disclaimer: I’m by no means a security expert, don’t take what I write here as advice!

              Eg. I encrypt my disks. When I do, I basically encrypt everything, ie. all partitions (except /boot). Then on those partitions, most of the data is not worth backing up since it’s either temporary or can be easily obtained anyway (system files). Well, some of the data is backed up, and some of that even ends up on disks that are not encrypted (scary, I know!) :)

              To be fair, just encrypting the disks does not solve all. If someone broke to my house, they would with almost 100% chance find my computer on, which means that the disks are not encrypted (technically still are, just that LUKS provides unencrypted versions as well…) So the barrier they would have to face would be basically just the desktop lock.

              For that reason I don’t encrypt hard drives on my remote server, since the server is always running in a virtual environment so by definition anyone who’s maintaining the hardware can already open files from the unencrypted drives, ie. I think it would be pointless.

            • Quazatron@lemmy.world
              1·
              9 hours ago

              I keep backups (regular, incremental, remote) to keep my data safe in case something happens to my local data. This protects me from things like theft, hardware failure, accidental deletion of some important files. Having multiple generations (daily, weekly, monthly) will protect me when I delete some files and only realize weeks later.

              All of this is a separated issue to having encryption or not. I encrypt both local and backup copies, and store the keys in a password manager.

              See what works for you, but don’t confuse the issues.

      • Mwa@lemm.eeEnglish
        5·
        14 hours ago

        I meant if I lose my encryption key I lose the data on the disk.

        • mholiv@lemmy.world
          21·
          14 hours ago

          That is a good reason to backup, but has nothing to do with encryption.

          (For real though I have a backup of all of my drive LUKS headers stored on several media types on and off site.)

          • keegomatic@lemmy.world
            1·
            8 hours ago

            How would backing up help with that, though, assuming the backups are also encrypted?

            I meant if I lose my encryption key I lose the data on the disk.

            If they lose the key they lose the data in the backups, too. So that concern is not a good reason to backup, in my eyes.

            Then, if the backups are not encrypted, then doesn’t that undermine the value of encrypting your drive/user data partition in the first place?

            • mholiv@lemmy.world
              1·
              8 hours ago

              Just backup the LUKs header files. No need to encrypt them as they’re inherently secure as the hard drives they would originally reside on.