disk encryption for Ubuntu 20 LTS

Liam Proven lproven at gmail.com
Fri May 21 11:53:22 UTC 2021 

On Fri, 21 May 2021 at 13:42, Volker Wysk <post at volker-wysk.de> wrote:
>
> Modern computers are fast enough. I don't have a noticeable performance
> loss. And the Ubuntu installer can set it up for you.

I disagree; I could certainly tell on my high-end work laptop when I
worked at Red Hat. I don't believe the performance improvement is that
great in the last 6-7Y.

Secondly, who says everyone's using state of the art laptops? My work
one is from 2016.

> You need to encrypt swap, because you have passwords and other sensitive
> information in memory, and when it gets swapped out, it'll be readable
> unless the swap is encrypted.

I don't think this is a real threat. Here are at least 4 good reasons:

[1] Modern machines have lots of RAM and hardly swap at all. It's
mainly there for hibernation, and hibernation is off by default.
[2] I don't think anyone asking for help on a public list has
information _that_ important or confidential.
[3] Sadly, if someone does work in a big government agency or
something, they'll be running Windows or a Mac.
[4] All this is academic anyway if you use Chrome or Firefox Sync, or
any networked password manager.

Summary: I call BS on this argument.

> I also prefer to encrypt the whole system, so nothing will leak out. For
> instance when /tmp is used.

Use a tmpfs. It's faster anyway.


> The recovery plan can consists in reinstalling the system and restoring a
> backup of the personal data. I agree that testing the backup is necessary.
>
> > You want to have a minimum of THREE (3)
> > offline backups on different media at all times.
>
> I have two. That's enough.

Look up "grandfather/father/son" backups. There are good solid reasons I said 3.

> > If you use crypto
> > without good backups, you are 100% going to lose all your data at some
> > point.
>
> No.

I have personally seen Linux collapse and fail to boot on both my own
machines (repeatedly) and colleagues. It is a real threat.

So are malfunctioning USB ports.

Your risk/threat assessment is poor.

> > I know a lot of the Linux nerds love encryption, but in my expert
> > professional opinion it's a huge waste of time, effort and
> > performance.
>
> What happens if your laptop gets stolen?

They wipe it and they sell it.

We are not secret agents here. Nobody cares about our passwords. It's
much easier to steal them online if anyone wants.

-- 
Liam Proven – Profile: https://about.me/liamproven
Email: lproven at cix.co.uk – gMail/gTalk/gHangouts: lproven at gmail.com
Twitter/Facebook/LinkedIn/Flickr: lproven – Skype: liamproven
UK: +44 7939-087884 – ČR (+ WhatsApp/Telegram/Signal): +420 702 829 053

More information about the ubuntu-users mailing list