Choose style:

Author Topic: Disk encryption  (Read 956 times)

0 Members and 1 Guest are viewing this topic.

Offline christianvl

  • Member
  • ***
  • Posts: 191
  • Karma: 33
  • The Wheel weaves as the Wheel wills
    • View Profile
  • Peppermint version(s): 9
Disk encryption
« on: March 09, 2018, 11:58:45 am »
I always perform new installs with disk encryption. For ubuntu derivatives, it seems the option is to only encrypt the hone folder, while other distros (fedora, mageia, for example) offer full disk encryption.
It's good to know my data is safer, however I think there's quite a tool on boot times. The general performance doesn't suffer to a point it's unbearable (at least for my needs).
However I wonder if this is the best option for a laptop or regular user computer, as it could affect battery life. Is there a better way to keep files encrypted? Is full disk encryption the best method of encryption? Or should I just keep an encrypted folder with something like truecrypt?
Is there any documentation on system performance for comparison?
And finally, can I remove the disk encryption without erasing the disk?
There are neither beginnings or endings to the turning of the Wheel of Time. But it was a beginning.

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25659
  • Karma: 2819
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Disk encryption
« Reply #1 on: March 09, 2018, 02:55:39 pm »
You can do full disk encryption whilst installing Peppermint.


Though it would be a good idea to read the release notes about recovering the key:
https://peppermintos.com/release-notes/

Quote from: Peppermint Release Notes
Electing to encrypt your home folder during the installation process results in the system not presenting a mount key upon first boot. Running the command:
Code: [Select]
ecryptfs-unwrap-passphrase
and entering your system password will result in the presentation of the key.



Removing home partition encryption is doable, but not straightforward... see here:
https://www.howtogeek.com/116179/how-to-disable-home-folder-encryption-after-installing-ubuntu/

Personally I never use encryption .. I've had it become corrupted in the past (both Linux and Windows) and it's just a PITA .. any data I wouldn't want others to have is simply zipped with a strong password and stored on the NAS.
« Last Edit: March 09, 2018, 03:03:02 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline christianvl

  • Member
  • ***
  • Posts: 191
  • Karma: 33
  • The Wheel weaves as the Wheel wills
    • View Profile
  • Peppermint version(s): 9
Re: Disk encryption
« Reply #2 on: March 09, 2018, 09:10:59 pm »
You can do full disk encryption whilst installing Peppermint.


Though it would be a good idea to read the release notes about recovering the key:
https://peppermintos.com/release-notes/

Quote from: Peppermint Release Notes
Electing to encrypt your home folder during the installation process results in the system not presenting a mount key upon first boot. Running the command:
Code: [Select]
ecryptfs-unwrap-passphrase
and entering your system password will result in the presentation of the key.



Removing home partition encryption is doable, but not straightforward... see here:
https://www.howtogeek.com/116179/how-to-disable-home-folder-encryption-after-installing-ubuntu/

Personally I never use encryption .. I've had it become corrupted in the past (both Linux and Windows) and it's just a PITA .. any data I wouldn't want others to have is simply zipped with a strong password and stored on the NAS.
Thank you PCNetSpec!

I think I've missed that optionů  maybe it was disabled if the erase all disk isn't selected?

I'm a little more concerned if my laptop is stolen or if I need to get it repaired by someone else. Not that I have "something to hide" but we never know what kind of data can someone extract from your computer (browsing habits, passwords, some banking files or even pictures of my family).

I was just wondering if I'm getting some significant performance hit for working with encrypted devices. I've never had any problem with some system component malfunction due to the disk encryption. And I was also curious about truecrypt.

Enviado de meu Quantum Fly usando Tapatalk

There are neither beginnings or endings to the turning of the Wheel of Time. But it was a beginning.

Offline christianvl

  • Member
  • ***
  • Posts: 191
  • Karma: 33
  • The Wheel weaves as the Wheel wills
    • View Profile
  • Peppermint version(s): 9
Re: Disk encryption
« Reply #3 on: March 09, 2018, 09:36:21 pm »
So, this is interesting.  This is from 2014, but my guess is that it haven't changed much
 https://www.phoronix.com/scan.php?page=article&item=ubuntu_1404_encryption&num=1

Home encryption has a more significant performance hit than a full disk encryption! 

I'll definitely go for the FDE on the next release.

Enviado de meu Quantum Fly usando Tapatalk

There are neither beginnings or endings to the turning of the Wheel of Time. But it was a beginning.

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25659
  • Karma: 2819
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Disk encryption
« Reply #4 on: March 10, 2018, 09:18:09 am »
Another option would b e to keep the performance of NO encryption, and to just create an encrypted FOLDER for your sensitive data
https://forum.peppermintos.com/index.php/topic,2437.0.html
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline christianvl

  • Member
  • ***
  • Posts: 191
  • Karma: 33
  • The Wheel weaves as the Wheel wills
    • View Profile
  • Peppermint version(s): 9
Re: Disk encryption
« Reply #5 on: March 10, 2018, 04:34:21 pm »
Thank you for posting the link. I'll give it a try when I'll install Peppermint 9 (I'm sure the installer - the current one - only supports full disk encryption if we erase all the disk, not an option since I have other Linux system on my computer).

Anyway, just to be clear, I already think Peppermint is blazing fast, even with my encrypted home folder.

I currently have an ICE app for MEGA, where I keep my files. I do not have the MEGA sync software installed.
There are neither beginnings or endings to the turning of the Wheel of Time. But it was a beginning.

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25659
  • Karma: 2819
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Disk encryption
« Reply #6 on: March 10, 2018, 09:39:24 pm »
Yep it'll only do FULL disk encryption if it can encrypt the FULL disk ;)
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline christianvl

  • Member
  • ***
  • Posts: 191
  • Karma: 33
  • The Wheel weaves as the Wheel wills
    • View Profile
  • Peppermint version(s): 9
Re: Disk encryption
« Reply #7 on: March 11, 2018, 05:03:02 am »
Yep it'll only do FULL disk encryption if it can encrypt the FULL disk ;)
This is where I think Anaconda does a better job. It will encrypt the full disk considering only the partitions where it's installing the new system. So, if you already have something else on your disk you don't have to erase it (don't touch my peppermint ).
There are neither beginnings or endings to the turning of the Wheel of Time. But it was a beginning.

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25659
  • Karma: 2819
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Disk encryption
« Reply #8 on: March 11, 2018, 08:42:24 am »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec