linux4noobs@lemmy.world

  • Anarch157a@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    1 year ago

    Safe in what context ?

    If the drive is mounted and data accessible, in case your computer is compromised by some kind of malware, well, the data will be easy to exfiltrate. Now, if the computer is turned off or the drive unmounted, that’s what encryption comes in to protect it.

    So, basically, encryption will protect the data in case of physical theft of the drive or in case of remote hacking if the drive is un-mounted.

    • Guenther_Amanita@feddit.deOP
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      Safe in the context of someone stealing the hard drive and look through private photos and stuff by plugging the drive into another device.

      • Anarch157a@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        1 year ago

        In that case, without encryption, your safety is zero. That’s the exact scenario that full-drive encryption was designed for.

            • Guenther_Amanita@feddit.deOP
              link
              fedilink
              arrow-up
              0
              ·
              edit-2
              1 year ago

              Wtf, no?!

              If I had CP, I wouldn’t ask publicly and make myself vulnerable.

              I just don’t wanna have anyone snooping around my stuff, just as everyone else.

          • MimicJar@lemmy.world
            link
            fedilink
            arrow-up
            0
            ·
            1 year ago

            Out of curiosity what sort of safety did you think an unencrypted hard drive had?

            I mean no offense and I think it’s a perfectly fine question to ask, I just want to understand what you expected.

            • Guenther_Amanita@feddit.deOP
              link
              fedilink
              arrow-up
              0
              ·
              1 year ago

              I had the expection that Linux is already set up as a multi-user environment and has that feature built in.

              Of course that “isolation” of data, as I had it in my mind, wouldn’t be really secure, but it doesn’t have to be that for me. I just don’t want anyone to access it easily.

              • Pantherina@feddit.de
                link
                fedilink
                arrow-up
                0
                ·
                1 year ago

                No poorly not. Just as Windows by default. Systemd-homed is a solution for that but afaik its questionable if its ready. Would be great if Distros like Fedora shipped it by default.

                An encrypted system rather than an encrypted user partition is still necessary, because attackers could replace system files or simply add a service that uploads your stuff somewhere, or manipulate sudo, or log your password etc.

              • Laser@feddit.de
                link
                fedilink
                arrow-up
                0
                ·
                1 year ago

                Simplified, there’s two layers to data protection, physical and logical. Linux or basically any correctly configured modern operating system provides logical protection, i.e. access under the running OS is only granted to authorized users. Granted you can still put holes in here, e.g. a webserver is misconfigured and allows access to any user to all files it can read. However, from the OS perspective, everything is fine, as the webserver can still only read what it’s allowed to.

                Data encryption protects data at rest, i.e. when no operating system enforcing the logical protection is running. The case has already been described so I’m not gonna repeat that here.

                It’s important to understand that in general, these two measures are completely seperate from each other. Device encryption won’t help against logical attacks, and logical protection won’t help against offline attacks. You need both if you can’t rule out an attack vector completely (i.e. your server sits in a secure safe that can’t be opened by anyone not authorized to, then encryption might not be necessary).