Encrypted Drive Questions

So I’m installing EOS now, and decided to do the encrypted option while partitioning. Is that going to come back to bite me in the butt later? And also, is there a benefit to encryption other than piece of mind?

The only benefit is your data is encrypted. :nerd_face:

The obvious benefit of encryption is that if someone gets a hold of your physical device they won’t be able to read the data off of it. Without encryption, anyone could access the data no matter what permissions you had.

1 Like

Roger that. Most of my important data like code and private files are on a second drive. That drive also has steam :rofl:

Is there a way to retroactively encrypt that drive? Or maybe just a partition on that drive?

Don’t forget your password, or lose your keyfile … there is no back door.

Not without blowing away all your data in that partition.

Have a read and determine if encryption is right for you.

https://wiki.archlinux.org/index.php/Data-at-rest_encryption

1 Like

The resource is great. Thanks a bunch!

It might make sense to only encrypt your private files i.e. the second drive.
Full Disk Encryption is not without problems.

Theoretically there is. See here for an explanation. The tool also seems to be in the AUR.

But I can’t vouch for it; never tried this.
I always go the full disk encryption way and have never ever lost a system or data due to encryption. I would always recommend it.

1 Like

Personally, I just encrypt the files that contain sensitive information, like passwords, etc… manually using GPG:
https://www.gnupg.org/gph/en/manual/x110.html

Easier than encrypting the entire drive, in my opinion. I see no need to encrypt 99% of the files I have.

2 Likes

Usually full drive encryption is meant to avoid glowing alphabet agencies to inject something like child p0*n to your drive and jail you for life :upside_down_face:

*Depending on your country experience with agencies may vary :laughing:

Well, here they can just give me a DVD with stuff like that and jail me for it. “Please, sir, hold this for a moment… STOP RIGHT THERE CRIMINAL SCUM!”

They are too dumb to inject anything, anyway :smiley:

1 Like

One more benefit of encryption is that if you want your data to be gone and not recoverable by anyone else* , you can simply erase your disk (#cryptsetup erase /dev/sdx) . Even if your password is weak this will make the data inaccessible for 99.99% people provided you erased luks header backups of the drive if any .

*The three/four letter agencies can or will wait till quantum computing is established and decrypt your data possibly after recovering the entire luks container :man_shrugging:

Yea it’s truly paranoid thought
2 Likes

Not really, again depending on where you are :laughing:
:male_detective: :alien:

True, but if it’s just your personal data you care about, then I would also only encrypt just that, or the device where the personal data is. It’s simply easier to handle than FDE.

And don’t forget about transparent file encryption on ext4/f2fs with the fscrypt utility.

2 Likes

I’ll have to look up more on fscrypt. I don’t know anything about it.