disk encryption for Ubuntu 20 LTS

[Volker Wysk]

Am Freitag, den 21.05.2021, 13:53 +0200 schrieb Liam Proven:
> On Fri, 21 May 2021 at 13:42, Volker Wysk <post at volker-wysk.de> wrote:
> > Modern computers are fast enough. I don't have a noticeable performance
> > loss. And the Ubuntu installer can set it up for you.
> 
> I disagree; I could certainly tell on my high-end work laptop when I
> worked at Red Hat. I don't believe the performance improvement is that
> great in the last 6-7Y.

I can't comprehend that. I've been using encryption for more than ten years,
and have never noticed a performance decrement.

> Secondly, who says everyone's using state of the art laptops? My work
> one is from 2016.

Mine is even older.

> > You need to encrypt swap, because you have passwords and other sensitive
> > information in memory, and when it gets swapped out, it'll be readable
> > unless the swap is encrypted.
> 
> I don't think this is a real threat. Here are at least 4 good reasons:
> 
> [1] Modern machines have lots of RAM and hardly swap at all. It's
> mainly there for hibernation, and hibernation is off by default.
> [2] I don't think anyone asking for help on a public list has
> information _that_ important or confidential.
> [3] Sadly, if someone does work in a big government agency or
> something, they'll be running Windows or a Mac.
> [4] All this is academic anyway if you use Chrome or Firefox Sync, or
> any networked password manager.
> 
> Summary: I call BS on this argument.

You get the swap encryption for free, when using the Ubuntu installer. Why
not use it?

> > I also prefer to encrypt the whole system, so nothing will leak out. For
> > instance when /tmp is used.
> 
> Use a tmpfs. It's faster anyway.
> 
> 
> > The recovery plan can consists in reinstalling the system and restoring a
> > backup of the personal data. I agree that testing the backup is necessary.
> > 
> > > You want to have a minimum of THREE (3)
> > > offline backups on different media at all times.
> > 
> > I have two. That's enough.
> 
> Look up "grandfather/father/son" backups. There are good solid reasons I said 3.

I've taken a short look at the Wikipedia page. If you need that, so be it.
For personal use, it looks like overkill to me.

> 
> > > If you use crypto
> > > without good backups, you are 100% going to lose all your data at some
> > > point.
> > 
> > No.
> 
> I have personally seen Linux collapse and fail to boot on both my own
> machines (repeatedly) and colleagues. It is a real threat.
> 
> So are malfunctioning USB ports.
> 
> Your risk/threat assessment is poor.
> 
> > > I know a lot of the Linux nerds love encryption, but in my expert
> > > professional opinion it's a huge waste of time, effort and
> > > performance.
> > 
> > What happens if your laptop gets stolen?
> 
> They wipe it and they sell it.

They will certainly take a look at your personal data, when they have it in
their hands. Then they may find your credit card information or something.
Someone with enough criminal energy to steal your laptop, might also have
enough to steal your identity.

> We are not secret agents here. Nobody cares about our passwords. 

As long as we don't stray from the herd.

> It's
> much easier to steal them online if anyone wants.

Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20210521/2c3c2981/attachment.sig>