[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vip /vp / vr / w / wg / wsg / wsr / x / y ] [Search | Home]
4Archive logo
Is full disk encryption a meme? Why would...
If images are not shown try to refresh the page. If you like this website, please disable any AdBlock software!

You are currently reading a thread in /g/ - Technology

Thread replies: 44
Thread images: 4
File: luks-logo-cropped.png (14 KB, 330x112) Image search: [iqdb] [SauceNao] [Google]
luks-logo-cropped.png
14 KB, 330x112
Is full disk encryption a meme? Why would you use it with all that extra processing?
>>
>>52415183
>Why would you use it
To prevent an adversary from gaining access to my files.
>all that extra processing?
Moot point, hardware encryption brings the bottleneck back to the storage device.
>>
>>52415207
They don't care about your chinese cartoons.
>>
>>52415183
>extra processing
you wont notice anything to be honest..
>>
Maybe If I had a laptop and actually leave my house I would consider. But otherwise (as long as your home is secure) you don't need it
>>
>>52415183
>Is full disk encryption a meme?
No.

>Why would you use it with all that extra processing?
I don't use it on my desktop. If I had a laptop I would certainly use it as laptops are easy to steal.
>>
>>52415183
>with all that extra processing?

You won't even mention it on ten year old computers. A bigger bottleneck are multi-process applications that do everything thrice, like chrome or lately firefox.
>>
>why
in case a nignog steals my laptop and i was somehow stupid enough to leave banking information/passwords or something

its not that hard
>>
>>52415183
can I use that shit on a dualboot setup? got win 7 next to ubuntu. Encrypting my laptop is something I'd like to do.
>>
>>52415925
It's possible, but a bit more tricky than using a single OS.
There are guides for this online.
>>
>>52415949
Ok different approach.

Can I use LUKS in this case to encrypt ONLY my linux partition? I don't keep important stuff on windows anyway. It's only for uni since we need to use that shit there.
>>
>>52415183
There isn't any extra processing, that's not how hard drives work. The real downside is that it makes data recovery a bitch, hence I wouldn't recommend it to anybody unless you know you really need it, like mandated by your employer or something.
>>
>>52416027
>data recovery
Every sane person has backups of important data
>>
>>52415996
Yeah but I wouldn't call luks real disk encryption, ti works on the partition level not disk level, and that's trivial to break trough.
>>
>>52416043
most don't
>>
File: 1378813226031.jpg (44 KB, 590x500) Image search: [iqdb] [SauceNao] [Google]
1378813226031.jpg
44 KB, 590x500
>>52415183
>tfw you need to type the darn password every time you boot up the machine
>>
>>52416056
>Yeah but I wouldn't call luks real disk encryption
cryptsetup luksFormat /dev/sda


>ti works on the partition level not disk level
LUKS does not care about "partitions" or "disks". It works with block devices.

>and that's trivial to break trough.
How so?
>>
File: bebe_pepe.jpg (183 KB, 419x610) Image search: [iqdb] [SauceNao] [Google]
bebe_pepe.jpg
183 KB, 419x610
>>52416056
alright. Got it. Thanks.
>>
>>52416095
The parent post is wrong.
>>
>>52416056
>cryptsetup luksFormat /dev/sdx

You don't need a partition
>>
Laptop has hardware encryption and an SSD. I don't notice lag of any kind
>>
File: Im_a_grill_btw.jpg (48 KB, 419x610) Image search: [iqdb] [SauceNao] [Google]
Im_a_grill_btw.jpg
48 KB, 419x610
>>52416112
I'm still lurking + threadwatcher has this thread. So I won't miss anything here. Thanks for pointing it out.
>>
>>52416075
No tpm support unless you patch it in yourself, hence it needs a /boot partition, hence it works on the partition level, hence it's vulnerable by design to attacks that have been public knowledge since defcon 12.
>>
>>52416166
>partition level
LUKS does not deal with partitions but with block devices.

There can be a LUKS encrypted machine without any partitions.
The boot loader and initrd is stored on a flash drive that is chained to your body.
>>
>>52416071
>most don't
Then your data is not important
>>
>>52415183
No.

And, why the fuck would you ever use a plaintext storage device? Do you want to be able to wipe and/or recycle it? (Remember, SSDs cannot be securely wiped.) Is all of your data public, including your passwords? Of course not.

There is no noticeable overhead, even on fast SSDs, with software encryption, particularly with AES-NI acceleration using xts-plain64 mode.

It's not necessarily the best approach in every scenario. Filesystem level encryption using GCM or another AEAD would be preferable. Bootstrapping, boot integrity, key storage and handling and potential hardware attacks remain potential challenges - and are strictly outside the scope of LUKS, as is any online/remote encryption.
>>
>>52416056
dmcrypt works on block devices you fucking idiot.
>>
>>52416697
Except they can, because they encrypt by default. When you run ata secure erase on an ssd, a new encryption key is generated that overwrites the old. Data gone.
>>
What is the advantage of whole disk encryption vs only encrypting the files i want to hide?

If I want to encrypt my entire disk, is there a way of doing so without completly reinstalling my system?
>>
>>52415183
I use Truecrupt FDE, not Luks.

Luks does not offer hidden FDE, which means if you're ever under attack by FBI/NSA, then they can force you to give up your password, else face contempt of court.

The only way I think you could have plausible deniability while having Luks is if you somehow proved that none of the activity that they have logs on is yours.
>>
>>52416697
>Remember, SSDs cannot be securely wiped.
Shows what little you know.
>>
>>52417444
>http://www.techrepublic.com/article/erasing-ssds-security-is-an-issue/
basically there is no current way to securely wipe ssd's. a solution exists, but no manufacturer has implemented it yet.

>mfw half the people in this thread are probably doing full disk on fucking ssd's.
>>
>>52417537
shred 10 times a file on your ssd. good luck to restore it.
If some agency have the power to restore the shreded file, then they are likely powerful enough to send you to jail without a valid reason.
>>
>>52417596
>shred
ssd's aren't hdds

thats not how it works
>>
>>52417607
>take the file
>use dd to fill it with zeros
>use dd to fill it with /dev/random shit
>repeat
>delete the file

good luck retreiving it
>>
>>52416166
>vulnerable by design to attacks that have been public knowledge since defcon 12
So basically it's safe unless a NEET or the FBI steal my laptop?
>>
>>52417537
thats not even true

has nobody on /g/ ever had a job?
>>
>>52417741
http://www.infoworld.com/t/solid-state-drives/flash-based-solid-state-drives-nearly-impossible-erase-263

>In the meantime, the only sure way to erase the data on an SSD or USB drive requires a very large hammer.

post a source stating ssd's have been 'fixed' then.
>>
>>52417232
If you had to keep going around manually encrypting files, theres a high chance you will screw up and miss one or two potentially important ones.

OSX's FileVault transparently encrypts the main system drive when you turn it on, I guess there must be some similar system available on linux? Who knows.
>>
I'd rather just organize my files on my laptop and encrypt them.
>>
It's absolutely pointless unless you are a terrorist/professional criminal that lives in stealth.

I'm not even memeing. Normal people will just be held indefinitely until the keys are handed over.
>>
Actually, there IS a lot of performance loss when using full disc encryption without AES-NI.

I put my 850 EVO in a laptop with an AMD chip and the SSD benchmark values were absolutely atrocious.

Now, I'm using the exact same SSD together with an AES-NI capable processor and the values are good.
>>
I encrypted everything on my laptop including /boot.
You have to have my thumb drive to decrypt the boot partition, then decrypt the rest of the drive from there.

Basically without my thumb drive and password the entire system won't do anything and is a complete jumbled mess of encrypted data.
>>
>>52418120
>hurr guns are pointless unless you're a terrorist/professional criminal
Thread replies: 44
Thread images: 4
Thread DB ID: 424568



[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vip /vp / vr / w / wg / wsg / wsr / x / y] [Search | Home]

[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vip /vp / vr / w / wg / wsg / wsr / x / y] [Search | Home]

All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
This is a 4chan archive - all of the shown content originated from that site. This means that 4Archive shows their content, archived. If you need information for a Poster - contact them.
If a post contains personal/copyrighted/illegal content, then use the post's [Report] link! If a post is not removed within 24h contact me at [email protected] with the post's information.