I was recently intrigued to learn that only half of the respondents to a survey said that they used disk encryption. Android, iOS, macOS, and Windows have been increasingly using encryption by default. On the other hand, while most Linux installers I’ve encountered include the option to encrypt, it is not selected by default.
Whether it’s a test bench, beater laptop, NAS, or daily driver, I encrypt for peace of mind. Whatever I end up doing on my machines, I can be pretty confident my data won’t end up in the wrong hands if the drive is stolen or lost and can be erased by simply overwriting the LUKS header. Recovering from an unbootable state or copying files out from an encrypted boot drive only takes a couple more commands compared to an unencrypted setup.
But that’s just me and I’m curious to hear what other reasons to encrypt or not to encrypt are out there.
This is true.
I disagree with this. If you forget the password for decrypting your drive, then you will have lost “anything on the drive that’s important”. I know because it happened to me long ago, and so now I too have been wary of disk encryption ever since then.
Encryption and backup are orthogonal domains. If you don’t understand why, I’m sure you’re not going to take a random strangers’ opinion on the subject.
Mind expanding just a bit through? IMHO it’s not orthogonal in the sense that either your backups are :
Isn’t it?
TBH even the way you phrased your question kind of proves it’s orthogonal. Yes, you can have the full matrix:
In each case, you have a different set of problems.
Sure, eventually, the nature of your data’s safety will be affected by both.
Disclaimer: I’m by no means a security expert, don’t take what I write here as advice!
Eg. I encrypt my disks. When I do, I basically encrypt everything, ie. all partitions (except /boot). Then on those partitions, most of the data is not worth backing up since it’s either temporary or can be easily obtained anyway (system files). Well, some of the data is backed up, and some of that even ends up on disks that are not encrypted (scary, I know!) :)
To be fair, just encrypting the disks does not solve all. If someone broke to my house, they would with almost 100% chance find my computer on, which means that the disks are not encrypted (technically still are, just that LUKS provides unencrypted versions as well…) So the barrier they would have to face would be basically just the desktop lock.
For that reason I don’t encrypt hard drives on my remote server, since the server is always running in a virtual environment so by definition anyone who’s maintaining the hardware can already open files from the unencrypted drives, ie. I think it would be pointless.
I keep backups (regular, incremental, remote) to keep my data safe in case something happens to my local data. This protects me from things like theft, hardware failure, accidental deletion of some important files. Having multiple generations (daily, weekly, monthly) will protect me when I delete some files and only realize weeks later.
All of this is a separated issue to having encryption or not. I encrypt both local and backup copies, and store the keys in a password manager.
See what works for you, but don’t confuse the issues.