archerx 4 hours ago

Maybe I’m an outlier but I don’t want my drives encrypted at all. I'd rather have all my data be accessible if things go catastrophic, i.e. having to pull the drive out of a broken computer and put it in another computer to access the files. I just want it to be plug and play.

Glohrischi 4 hours ago | parent | next [-]

My hard drives (laptop, work laptop, desktop, server) contain emails, browser sessions, saved passwords, personal data from family and friends.

I do not want someone stealing my laptop on a train ride potentially being able to have all of that data.

With a proper real backup strategy, I have everything safe. I do not need easy access to a hard drive from a broken computer.

But hey you do you :)

xingped 4 hours ago | parent | next [-]

Cool. Everyone's threat model is different. As long as we're not writing passwords on sticky notes attached to the monitor, I don't think there's any need to be throwing stones.

pyrale 2 hours ago | parent | next [-]

> Everyone's threat model is different.

Everyone's threat model is different, but some are better than others, and maybe we shouldn't equate taking time to explain why with throwing stones.

lachiflippi 3 hours ago | parent | prev | next [-]

Sensitive data written down on a sticky note is arguably more secure than that same data sitting on an unencrypted hard drive, at least in a home setting.

Glohrischi 4 hours ago | parent | prev | next [-]

I did not throw a stone, I only clarified my counter position for others to understand why I encrypt.

brookst 4 hours ago | parent | prev [-]

Hey now, I use rot13 on my sticky notes.

loneboat 4 hours ago | parent [-]

Gotta bump that encryption up - rot26 is twice as secure.

harshreality 3 hours ago | parent [-]

Secure rot* variants require UTF-8 and mappings that shift characters between {1,2,3,4}-byte encoded-character-sizes. That varies the message length, which prevents any message-length or traffic analysis.

The Snowden leaks revealed that the NSA is flummoxed on how to tackle variable character lengths. However, they've cracked rot26 using custom ASIC supercomputers, so it should be considered insecure even though it's twice as good as rot13.

NBJack 4 hours ago | parent | prev | next [-]

Are you saying you bring your desktop on a train ride as well? Laptops with encryption make sense; if you need to encrypt your desktop, I have questions.

Glohrischi 4 hours ago | parent | next [-]

I have one safety concept for everything and not random ones for random devices.

Every machine is encrypted, unlocked per login.

Encryption is basically free so.

rpdillon 3 hours ago | parent | prev | next [-]

My inference machine is the only drive I leave unencrypted, but that's because it has the models on it, llama.cpp, and nothing else, and I want it back up and running services after a power-failure. My other desktops are encrypted to make hard drive disposal easy.

The_President 4 hours ago | parent | prev | next [-]

Simple hypothetical: "A disaster hits and the workstation owner is unable to return to the location the workstation is stored. During that time period the workstation is stolen by a gang of looters."

treis 4 hours ago | parent | next [-]

Ah yes a typical Tuesday for me

msh 4 hours ago | parent | prev [-]

Burglars are a thing.

JoshTriplett 4 hours ago | parent [-]

Also a reason to have off-site backups. Many people have done backups to local servers, only to discover that they have no way to recover their data because thieves stole everything.

archerx 3 hours ago | parent | prev [-]

My data is mundane and mostly my art projects and photography. I don’t believe I am important or interesting enough for someone to do anything with my data if they somehow managed to get it. Also, I don’t have emails, saved passwords, banking info or that kind of sensitive info on my computers, so meh, I guess.

hiq 4 hours ago | parent | prev | next [-]

If "things go catastrophic" your hard drive is not usable at all anymore. At the very least some files can't be recovered at all. So you need backups in any case. Once you have backups, you might as well encrypt your hard drives, especially if you store these in different locations (which you should).

An advantage of encryption is that it makes it easier to give away or resell devices. With recent encryption schemes (well the ones on Linux, given this article), I feel confident that overwriting the encryption keys gets me close enough to not leaking my data once I get rid of an old hard drive.

archerx 3 hours ago | parent [-]

That’s not true. I’ve had many computers that refuse to turn on and I was able to recover the files by removing the drive and loading it into a USB hard drive reader and recover the files.

hiq 2 hours ago | parent [-]

I sure envy you if this qualifies as "catastrophic", because hard drives can and do fail.

The_President 4 hours ago | parent | prev | next [-]

Additional problem is if physical access is obtained, illegal material could be covertly added to the drive then picked up by the built-in scanners in your OS. Depends on how important you are.

deng 4 hours ago | parent | prev | next [-]

But it's also plug&play for anyone stealing your laptop, see for instance

https://news.ycombinator.com/item?id=39941021

mordae 3 hours ago | parent | prev | next [-]

That's called LUKS2 and it's the default on Linux. You just type a passphrase on boot. It's not tied to the motherboard.

archerx 3 hours ago | parent [-]

What if you forget the passphrase after not using it for many years and you suddenly need a file on the drive?

slashdave 3 hours ago | parent [-]

Print it on a piece of paper and put it in a lock box.

Terr_ 2 hours ago | parent | next [-]

Better still: LUKS allows you to set up multiple entry keys, so use two, either of which will grant access to the drive.

* Your preferred memorized passphrase, which will never be written down anywhere.

* A random key you can print and store in a box somewhere.

Then if your backup paper gets lost, you can revoke/replace it without having to abandon your memorized favorite.

slashdave 2 hours ago | parent [-]

Yep. You can also put your key on a USB drive that can be read on boot.

Just choose a good quality one....

Terr_ 2 hours ago | parent [-]

A few ideas for extra security:

* Split the recovery key in two, store each half with a different friend. (If you're feeling fancy, XOR the halves and store that with a third friend, then any two out of three will work.)

* Sneak the key into something you know friends/family won't throw away while you're still alive, like stuck to the back of a sentimental photo in a frame.

____

That said, I think I'm wandering from the original "accumulating dusty old drives in a box" scenario, which has a simpler solution: Keep a growing old_drives_keys.txt file on your current (encrypted) main device.
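
The two-out-of-three XOR split suggested in the comment above, sketched in Python as an added example (not code from the thread). The share names A, B, X and the function names are assumptions made for illustration.

```python
import secrets


def xor_bytes(left: bytes, right: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(left) != len(right):
        raise ValueError("shares must have equal length")
    return bytes(x ^ y for x, y in zip(left, right))


def split_2_of_3(key: bytes) -> dict:
    """Split key into halves A and B plus X = A xor B (hypothetical share names)."""
    if not key or len(key) % 2:
        raise ValueError("key must have a non-zero, even number of bytes")
    half = len(key) // 2
    a, b = key[:half], key[half:]
    return {"A": a, "B": b, "X": xor_bytes(a, b)}


def recover(shares: dict) -> bytes:
    """Rebuild the key from any two (or all three) of the shares."""
    unknown = set(shares) - {"A", "B", "X"}
    if unknown or len(shares) < 2:
        raise ValueError("need two of the shares A, B, X")
    a, b, x = shares.get("A"), shares.get("B"), shares.get("X")
    if a is None:
        a = xor_bytes(b, x)  # A = B xor X
    elif b is None:
        b = xor_bytes(a, x)  # B = A xor X
    elif x is not None and xor_bytes(a, b) != x:
        raise ValueError("shares are inconsistent")  # a share was altered
    return a + b


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample recovery key
    shares = split_2_of_3(key)
    for pair in (("A", "B"), ("A", "X"), ("B", "X")):
        subset = {name: shares[name] for name in pair}
        print(pair, "recovers key:", recover(subset) == key)
```

Any single share leaves only half of the key's bits unknown to its holder (the X holder learns how the two halves relate), so this fits a long random recovery key like the one in the comment rather than a short passphrase.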

nickjj 2 hours ago | parent | prev [-]

Yep, this is the way. It survives human memory and doesn't depend on software.

If you keep it in a dark environment that's not super humid the ink should last a really long time. Even in non-optimal conditions (NY summers with high humidity, etc.) I've had regular pen ink last for decades with no signs of fading away.

rpdillon 3 hours ago | parent | prev | next [-]

I was happy to give up my side-hobby of drilling drives after FDE became standard everywhere. Plug and play is great, but you don't want it to be plug and play for whoever pulls your drive out of the trash.

skeledrew 4 hours ago | parent | prev | next [-]

Same here. If anything happens I want a decent chance to be able to recover my data. The most I may do is create encrypted files, and some of them I've forgotten the passwords for, which makes me even more wary.

jsmith99 3 hours ago | parent | prev | next [-]

So long as you've backed up the key you can fairly easily decrypt on any machine.

lstodd 4 hours ago | parent | prev | next [-]

What's not plug and play if using some sensible fde like idk, dm-crypt? You are only a passphrase away from mounting that drive in any other system you plug it into.

pessimizer 3 hours ago | parent [-]

That's my question, because my root is encrypted, I move encrypted disks all the time, and have a couple of encrypted external drives. It's trivial.

But I'm sure that some of the millions of things that I've missed as Windows has become what it has become make this simplicity seem like a scifi absurdity. I don't think that they can even log into their own computers without asking Microsoft for permission over the network. I'm sure the idea of encryption must have been overcomplicated to the point of absurdity in order to trap customers too, I just don't know about it.

I suppose you should just count your blessings (of ignorance) and be available to help your friends with cryptsetup if they decide to flee Windows.

tekne 4 hours ago | parent | prev | next [-]

I mean... you can use an encryption scheme compatible with this (if you know the password).

I suppose this makes some sense for home computers (burglars and police raids are rare) but for a laptop, you really don't want thieves getting all your details.

Ironically -- this probably was paranoid a few years ago, but now -- "ChatGPT, use this prepared prompt to extract all useful info from this hard drive"

aniceperson 4 hours ago | parent | prev [-]

the point is having a choice and the choice actually doing what it claimed.