
Re: Should I encrypt servers at my home lab?



On Sat, Oct 04, 2025 at 06:39:30PM +0000, whiteman808@paraboletancza.org wrote:
> Hey.
> 
> I've started building my home lab and currently I'm going to host stuff like nginx, jabber server, mail, git hosting.
> 
> The stuff I want to specially protect will likely be in e-mail and jabber conversations contents, and situations when someone is forgetting to encrypt them are not rare. I mean mostly received e-mails or friends who misconfigure their Jabber clients.

Disk encryption won't do much to this.

> I want to protect against burglary and (most probable) against unwanted access to disk contents when I give my hardware to the service to repair it. I'm also doing torrenting (I personally don't like copyright law and support copyleft related movements) and want to protect also against seizing hardware by police (never happened in my home but not impossible).

*THIS* is exactly the scenario disk encryption will help you with, and
nothing else. Assuming you're able to shut down before seizure. If someone
gets your hardware in an "up and running" state, they still might get
around, if they know what they are doing.

That's why, BTW, disk encryption is nearly mandatory for mobile devices.
Their biggest vulnerability is that they are lost & stolen, and then,
they are hopefully shut down (and not "just" in a sleep state; hibernate,
AFAIK is OK, since state is saved to the (hopefully encrypted!) swap
partition).

And then, you better keep up with encryption thingies: there's some evidence
that French police managed to brute-force a KDF to successfully decrypt a
seized disk [1] [2]. So these days, better use argon2id (and keep an eye on
it).

Cheers

[1] https://mjg59.dreamwidth.org/66429.html
[2] https://nantes.indymedia.org/posts/87395/une-lettre-divan-enferme-a-la-prison-de-villepinte-perquisitions-et-disques-durs-dechiffres/
-- 
t
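
An added example, not part of the message above: one way to check which KDF each keyslot of an encrypted disk uses, assuming the disk is LUKS managed with `cryptsetup` (the message names neither). The function and sample names are hypothetical, the sample dumps are constructed, and the check covers both LUKS1 and LUKS2 headers.

```shell
#!/bin/sh
# Added example (not from the post). Reads `cryptsetup luksDump <device>` text
# on stdin and prints "slot kdf" for every keyslot that is not argon2id.
# Empty output means every keyslot already uses argon2id.
weak_keyslots() {
    awk '
        /^Version:/ { version = $2 }
        # LUKS1 headers can only use PBKDF2, so every enabled slot is reported.
        version == "1" && /^Key Slot [0-9]+: ENABLED/ {
            sub(":", "", $3); print $3, "pbkdf2"
        }
        # Remember the current LUKS2 section: the "Digests:" block always
        # says pbkdf2 and must not be mistaken for a keyslot KDF.
        /^[A-Za-z][A-Za-z ]*:[ \t]*$/ { section = $1 }
        section == "Keyslots:" && /^ +[0-9]+: / { slot = $1; sub(":", "", slot) }
        section == "Keyslots:" && $1 == "PBKDF:" && $2 != "argon2id" { print slot, $2 }
    '
}

# Constructed sample shaped like LUKS2 luksDump output (most fields omitted).
sample_luks2() {
    cat <<'EOF'
LUKS header information
Version:        2
Keyslots:
  0: luks2
        PBKDF:      argon2id
  1: luks2
        PBKDF:      pbkdf2
        Iterations: 1000000
Tokens:
Digests:
  0: pbkdf2
        Iterations: 100000
EOF
}

# Constructed sample shaped like a LUKS1 header dump.
sample_luks1() {
    cat <<'EOF'
LUKS header information for /dev/example
Version:        1
Key Slot 0: ENABLED
Key Slot 1: DISABLED
EOF
}

sample_luks2 | weak_keyslots    # prints: 1 pbkdf2
```

On a real system the input would be `cryptsetup luksDump <device> | weak_keyslots`; a LUKS2 keyslot it reports can be re-wrapped with `cryptsetup luksConvertKey --pbkdf argon2id <device>`.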
