this post was submitted on 30 Nov 2023
Linux 101 stuff. Questions are encouraged, noobs are welcome!

Linux introductions, tips and tutorials. Questions are encouraged. Any distro, any platform! Explicitly noob-friendly.


I've enabled full hard drive encryption on all of my devices.

The only exception is my homeserver (mainly running Nextcloud), where all of my personal data is stored.

I'm the only user and have chosen a very strong root and user password.

From what I've researched, the only person who can see my data physically is the superuser (a.k.a. me), but if someone else doesn't have the password, they can't read anything critical and my personal data is safe from the eyes of others.

Is that correct? If it is, why does LUKS exist?

top 2 comments
sashanoraa@lemmy.blahaj.zone 1 point 9 months ago

As others have said, LUKS is primarily meant to protect against someone getting your data if they physically steal your device/drive. This is less of a risk for a home server than, say, a laptop or phone.

jet@hackertalks.com 0 points 9 months ago

Anyone with physical access to the computer that's unencrypted can see all of the data. If that's all right with your threat model, then that's OK.

Having full disk encryption means the data is not available unless somebody has the password, usually guarded by a secure element in the computer itself that limits the number of unlock attempts to something reasonable. So if the device is stolen or copied, the data can't be used.

To take the opposite position for a second: even if your server has full disk encryption, if it's online, attached to a network, and unencrypted, it's still unencrypted. While the machine is on and doing useful work, full disk encryption only applies to data at rest; anything inside the operating system sees things unencrypted. (I'm talking about the general case here; obviously there are other things you could do to ensure data is encrypted while the computer is on, but that's not what full disk encryption usually means.)
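The two replies above make the same point from opposite ends: LUKS protects the block device at rest, and a mounted filesystem is plaintext to everything running on the box. A practical check for the home-server case is to see which mountpoints actually sit on top of a dm-crypt layer. The script below is an added example, not code from the thread or from the LUKS/cryptsetup project; it parses the JSON tree that `lsblk -J -o NAME,TYPE,MOUNTPOINT` (util-linux) prints, where cryptsetup's device-mapper mappings show up with TYPE "crypt", and walks the ancestry of each mounted device. The sample output embedded in it is constructed, not captured from a real machine; the `--live` switch runs lsblk on the current host instead.

```python
"""Audit which mounted filesystems sit on a dm-crypt (LUKS) layer.

Parses the output of `lsblk -J -o NAME,TYPE,MOUNTPOINT`. A mountpoint counts
as "encrypted at rest" if any ancestor block device in the lsblk tree has
TYPE == "crypt", the device-mapper target that cryptsetup creates.
Note: TYPE "crypt" also covers plain dm-crypt mappings, not only LUKS.
"""
import json
import subprocess
import sys
from typing import Dict, List, Optional

# Constructed sample (not from a real host): an unencrypted /boot partition,
# a LUKS container holding an LVM volume group with / and swap on it,
# and a second plain disk mounted at /srv.
SAMPLE_LSBLK_JSON = """
{
  "blockdevices": [
    {"name": "sda", "type": "disk", "mountpoint": null, "children": [
      {"name": "sda1", "type": "part", "mountpoint": "/boot"},
      {"name": "sda2", "type": "part", "mountpoint": null, "children": [
        {"name": "cryptroot", "type": "crypt", "mountpoint": null, "children": [
          {"name": "vg0-root", "type": "lvm", "mountpoint": "/"},
          {"name": "vg0-swap", "type": "lvm", "mountpoint": "[SWAP]"}
        ]}
      ]}
    ]},
    {"name": "sdb", "type": "disk", "mountpoint": null, "children": [
      {"name": "sdb1", "type": "part", "mountpoint": "/srv"}
    ]}
  ]
}
"""


def classify_mounts(lsblk_json: str) -> Dict[str, Optional[str]]:
    """Map each mountpoint to the crypt device beneath it, or None if there is none.

    Depth-first walk of the lsblk tree, carrying the nearest enclosing
    TYPE=="crypt" device name down to every descendant.
    """
    tree = json.loads(lsblk_json)
    result: Dict[str, Optional[str]] = {}

    def walk(dev: dict, crypt_above: Optional[str]) -> None:
        if dev.get("type") == "crypt":
            crypt_above = dev["name"]
        mp = dev.get("mountpoint")
        if mp:
            result[mp] = crypt_above
        # Newer util-linux can also emit a "mountpoints" list (plural column).
        for extra in dev.get("mountpoints") or []:
            if extra:
                result[extra] = crypt_above
        for child in dev.get("children") or []:
            walk(child, crypt_above)

    for dev in tree["blockdevices"]:
        walk(dev, None)
    return result


def unencrypted_mounts(lsblk_json: str) -> List[str]:
    """Mountpoints whose data sits on disk in the clear (no dm-crypt ancestor)."""
    return sorted(mp for mp, crypt in classify_mounts(lsblk_json).items() if crypt is None)


def live_lsblk_json() -> str:
    """Ask this host's lsblk for the same JSON tree (Linux with util-linux)."""
    proc = subprocess.run(
        ["lsblk", "-J", "-o", "NAME,TYPE,MOUNTPOINT"],
        check=True, capture_output=True, text=True,
    )
    return proc.stdout


if __name__ == "__main__":
    data = live_lsblk_json() if "--live" in sys.argv else SAMPLE_LSBLK_JSON
    for mp, crypt in sorted(classify_mounts(data).items()):
        status = f"dm-crypt via {crypt}" if crypt else "NOT encrypted at rest"
        print(f"{mp:12} {status}")
```

Run it with `--live` on the server to list every mountpoint that has no crypt layer under it; on the constructed sample that is `/boot` and `/srv`. Remember the caveat from the comment above: a mount that does report a crypt device is only protected while the volume is locked, which on a server that stays powered on and unlocked is rarely.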