So I’m installing EOS now, and decided to do the encrypted option while partitioning. Is that going to come back to bite me in the butt later? And also, is there a benefit to encryption other than peace of mind?
The only benefit is your data is encrypted.
The obvious benefit of encryption is that if someone gets a hold of your physical device they won’t be able to read the data off of it. Without encryption, anyone could access the data no matter what permissions you had.
Roger that. Most of my important data like code and private files are on a second drive. That drive also has Steam.
Is there a way to retroactively encrypt that drive? Or maybe just a partition on that drive?
Don’t forget your password, or lose your keyfile … there is no back door.
Not without blowing away all your data in that partition.
Have a read and determine if encryption is right for you.
https://wiki.archlinux.org/index.php/Data-at-rest_encryption
The resource is great. Thanks a bunch!
It might make sense to only encrypt your private files i.e. the second drive.
Full Disk Encryption is not without problems.
Theoretically there is. See here for an explanation. The tool also seems to be in the AUR.
But I can’t vouch for it; never tried this.
I always go the full disk encryption way and have never ever lost a system or data due to encryption. I would always recommend it.
Personally, I just encrypt the files that contain sensitive information, like passwords, etc… manually using GPG:
https://www.gnupg.org/gph/en/manual/x110.html
Easier than encrypting the entire drive, in my opinion. I see no need to encrypt 99% of the files I have.
Usually full drive encryption is meant to avoid glowing alphabet agencies to inject something like child p0*n to your drive and jail you for life
*Depending on your country experience with agencies may vary
Well, here they can just give me a DVD with stuff like that and jail me for it. “Please, sir, hold this for a moment… STOP RIGHT THERE CRIMINAL SCUM!”
They are too dumb to inject anything, anyway
One more benefit of encryption is that if you want your data to be gone and not recoverable by anyone else*, you can simply erase your disk (# cryptsetup erase /dev/sdx). Even if your password is weak, this will make the data inaccessible for 99.99% of people, provided you erased the LUKS header backups of the drive, if any.
*The three/four letter agencies can or will wait till quantum computing is established and decrypt your data, possibly after recovering the entire LUKS container.
Yeah, it’s a truly paranoid thought.
Not really, again depending on where you are
True, but if it’s just your personal data you care about, then I would also only encrypt just that, or the device where the personal data is. It’s simply easier to handle than FDE.
And don’t forget about transparent file encryption on ext4/f2fs with the fscrypt utility.
I’ll have to look up more on fscrypt. I don’t know anything about it.