kubik369 8 hours ago

Agreed, I have personally come to the same conclusion. I do not encrypt the drives in my home desktops and servers so that the recovery/migration is easier when the time comes. The risk of someone stealing my desktops from my home is very low and the impact of someone going through my family photos or Linux ISOs is nothing. I roll my eyes at my friend when he explains the solutions for how to input the encryption password when his server restarts.

At the time of writing, there are already other replies to this comment about how "it's mandatory today to encrypt drives" without any qualifiers. I am growing more and more frustrated by people who try to force security measures like this "because it is more secure that way" without first taking a look at the risks, impacts and associated costs. I think they simply force these security measures on others to feel good about their choices.

It was a breath of fresh reasonability when I found out that apt intentionally uses only HTTP instead of blanket HTTPS everywhere because the packages are signed, therefore they can be verified by the client, and using HTTP allows easier caching with cache proxies and such.

hellojesus 7 hours ago

> I roll my eyes at my friend when he explains the solutions for how to input the encryption password when his server restarts.

Isn't this rather trivial? You gen a keyfile, register it with luksAddKey, then update /etc/crypttab, no? The real concern is making sure that keyfile is stored securely, but you can simply symmetrically encrypt it and upload it to your favorite cloud storage provider.
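
The keyfile procedure outlined in the comment above, as an added example that is not part of the original thread: it creates an owner-only keyfile, shows the enrollment call and the `/etc/crypttab` entry, and adds a check that flags keyfiles readable by group or others. The mapping name, UUID and paths are constructed placeholders, and the keyfile is assumed to live on a filesystem that is already unlocked when the entry is processed.

```shell
#!/bin/sh
# Added example; all names, UUIDs and paths are constructed placeholders.

# Create a 4 KiB random keyfile that only its owner can read.
make_keyfile() {
    local path="$1"
    ( umask 077 && head -c 4096 /dev/urandom > "$path" ) && chmod 0400 "$path"
}

# Register the keyfile in a free LUKS keyslot. Prompts for an existing
# passphrase and needs root plus a real LUKS device, so it is only defined here.
enroll_keyfile() {
    local device="$1" keyfile="$2"
    cryptsetup luksAddKey "$device" "$keyfile"
}

# Emit the /etc/crypttab entry: <name> <device> <keyfile> <options>
crypttab_entry() {
    local name="$1" uuid="$2" keyfile="$3"
    printf '%s UUID=%s %s luks\n' "$name" "$uuid" "$keyfile"
}

# Audit a crypttab: report keyfiles that are missing or whose mode grants
# any group/other access. Returns non-zero if anything is reported.
audit_crypttab() {
    local tab="$1" bad=0 name dev key opts mode
    while read -r name dev key opts; do
        case "$name" in ''|'#'*) continue ;; esac           # blank line or comment
        case "$key" in ''|none|-|/dev/*) continue ;; esac   # passphrase prompt or device key
        if [ ! -f "$key" ]; then
            echo "$name: keyfile $key missing"; bad=1; continue
        fi
        mode=$(stat -c '%a' "$key")                         # GNU stat, octal mode
        case "$mode" in
            0|[0-7]00) ;;                                   # owner-only access
            *) echo "$name: keyfile $key has mode $mode"; bad=1 ;;
        esac
    done < "$tab"
    return $bad
}
```
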

kubik369 7 hours ago

Uuh, I am not sure. I believe that he was talking about having full disk encryption, which means that he needs to input the password to unlock the boot partition.

drnick1 6 hours ago

You can use TPM2 to automatically unlock the root partition and not have to input a password manually at boot. This is how my laptop (running Arch, btw) is set up. Whether or not disk encryption is necessary for a system that is physically secure at home or elsewhere is debatable, however. But a laptop can be easily left somewhere and disk encryption seems necessary unless it never leaves home.

microgpt 8 hours ago

I used to think that and then the authorities raided my house (for bullshit reasons that had nothing to do with me). Now I encrypt everything.

kubik369 7 hours ago

That's a valid point. I feel for you. A similar thing has happened to a friend because of his dorm roommate torrenting some ... not Linux ISOs, illegal stuff.

With that said, I still find this risk quite unlikely to happen (at least in my country), with data loss due to being unable to decrypt the drive being more likely due to me changing computers often. If I were in a country such as the current U.S. for instance, I would most probably encrypt everything I could get my hands on. In addition, I think it is one more reason to have good offsite backups and to invest time into those. For me, losing the data/not having access to it for a long time while the police have it is a bigger impact than them finding out what porn I watch, in my opinion. I don't mean it in a "nothing to hide" kind of way, but in a "I don't think they could do much/any damage with that information" way.