Hello, Am Freitag, 30. Dezember 2016, 13:06:41 CET schrieb Carlos E. R.:
On 2016-12-30 03:21, Anton Aylward wrote:
My biggest objection to encryption with Linux is that it feels clunky. I've used some forms of military and commercial data encryption and by comparison LUKS is .... awkward.
Well, as LUKS is what I have available, I use it.
Then there is disk hardware native encryption, but I don't know how to boot that.
The more interesting question is how to _trust_ that. With LUKS, you can read the source code or, if you are not a programmer and/or encryption expert, ask someone with programming and encryption knownledge to audit it. You won't get the audit for free, but it's possible. With hardware encryption or military / commercial encryption, you can't check what it does. IIRC there was more than one "encrypted" hard drive that was easy to decrypt, and I also wouldn't trust closed source encryption too much. For examples of both, check the [23][0-9]c3 archives ;-)
Security is always a cost-benefit exercise. Is the data important enough to warrant the expense, the effort and the inconvenience? This is a business decision, not a technical issue.
I prefer to inconvenience the burglars if I can ;-)
Same here. If someone steals my hard drive, the only readable thing will be /boot ;-) (AFAIK nowadays even /boot can be encrypted, but I'm too busy or lazy (chose one ;-) to reinstall just for that.) BTW: Disk encryption has another advantage - besides preventing reading my files, it also prevents that someone modifies something on my disk. Well, random changes aka damage can be done - but doing a targeted change like installing a trojan is impossible. Regards, Christian Boltz -- Do you realise that mentioning mahjongg style compulsive clicking games in here endangers the release? ;) [Will Stephenson in opensuse-factory] -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org