[Cryptography] Disk encryption
Kent Borg
kentborg at borg.org
Mon May 1 13:40:02 EDT 2023
On 3/27/23 10:23, Dave Horsfall wrote:
> I've never used disk encryption before, so I have some concerns.
I've done "full disk encryption"* on laptop SSDs for many years, using
Linux encryption, as setup by Debian, not using any encryption feature
of the drive itself. In my most recent instance I put some effort into
moving tmp directories into RAM disks, but I still have swap on SSD, and
do I run modern web browsers, so I'm almost always into swap at least.
I have had no problems.
I am good about doing backups onto (encrypted!) ping-ponged external USB
disks, on spinning media. So the Gods will be nice to me. And I think
two of the WD disks have died in the time I have had my current
computer, over two-and-a-half years. So the Gods are not happy with WD.
* "Full disk encryption" of course can't include the boot volume. On
my current computer, a Dell XPS-13, I was very disappointed that
booting from the micro SD slot is very iffy. I *had* hoped to do
battle with "evil maid" attacks by guarding a tiny micro SD boot
volume more closely than I can guard the laptop itself. Alas, that
didn't work.
I suggest you go with disk encryption. And do backups, because backups
are always good.
-kb
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20230501/826b6122/attachment.htm>
More information about the cryptography
mailing list