
Re: Should I encrypt servers at my home lab?



On 2025-10-05, <tomas@tuxteam.de> wrote:
>
>> The stuff I want to specially protect will likely be in e-mail and jabber
>> conversations contents, and situations when someone is forgetting to
>> encrypt them are not rare. I mean mostly received e-mails or friends who
>> misconfigure their Jabber clients.
>
> Disk encryption won't do much to this.

Why not?

>> I want to protect against burglary and (most probable) against unwanted
>> access to disk contents when I give my hardware to the service to repair it.
>> I'm also doing torrenting (I personally don't like copyright law and
>> support copyleft related movements) and want to protect also against seizing
>> hardware by police (never happened in my home but not impossible).

> *THIS* is exactly the scenario disk encryption will help you with, and
> nothing else. Assuming you're able to shut down before seizure. If someone
> gets your hardware in an "up and running" state, they still might get
> around, if they know what they are doing.

Any kind of encryption is vulnerable to that, isn't it?

> That's why, BTW, disk encryption is nearly mandatory for mobile devices.
> Their biggest vulnerability is that they are lost & stolen, and then,
> they are hopefully shut down (and not "just" in a sleep state; hibernate,
> AFAIK is OK, since state is saved to the (hopefully encrypted!) swap
> partition).

Use software full-disk encryption (LUKS) — optionally on top of a SED
for double protection.

That gives you cryptographic assurance independent of the drive’s
firmware (the major weakness of the SED).

(I'm ambivalent about giving advice to someone who admits trying to
violate the law with impunity, though).

> And then, you better keep up with encryption thingies: there's some evidence
> that French police managed to brute-force a KDF to successfully decrypt a
> seized disk [1] [2]. So these days, better use argon2id (and keep an eye on
> it).
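
Added example, not part of the original thread: a shell function that reads `cryptsetup luksDump` output and lists keyslots whose passphrase KDF is not argon2id, the check implied by the advice quoted above. The function names and the sample dump are constructed for illustration; the `Digests` section is deliberately ignored because LUKS2 uses PBKDF2 there for the volume-key digest, not for the passphrase.

```shell
#!/bin/sh
# Reads `cryptsetup luksDump <device>` text on stdin and prints
# "<slot> <kdf>" for every keyslot whose passphrase KDF is not argon2id.
weak_keyslots() {
    awk '
        /^Version:/ { version = $2 }
        # Section headers ("Keyslots:", "Tokens:", "Digests:") sit in column 1.
        /^[A-Za-z][A-Za-z ]*:[ \t]*$/ { in_slots = ($1 == "Keyslots:"); next }
        # LUKS2 keyslot entry, e.g. "  0: luks2"
        in_slots && /^[ \t]+[0-9]+: / { slot = $1; sub(/:/, "", slot); next }
        in_slots && $1 == "PBKDF:" && $2 != "argon2id" { print slot, $2 }
        # LUKS1 prints no PBKDF line: every enabled keyslot is PBKDF2.
        version == 1 && /^Key Slot [0-9]+: ENABLED/ {
            s = $3; sub(/:/, "", s); print s, "pbkdf2"
        }
    '
}

# Constructed sample (not from a real device), trimmed to the relevant fields.
sample_dump() {
    cat <<'EOF'
LUKS header information
Version:        2
Keyslots:
  0: luks2
        Key:        512 bits
        PBKDF:      argon2id
        Time cost:  4
        Memory:     1048576
  1: luks2
        Key:        512 bits
        PBKDF:      pbkdf2
        Hash:       sha256
        Iterations: 1000000
Tokens:
Digests:
  0: pbkdf2
        Hash:       sha256
        Iterations: 100000
EOF
}

sample_dump | weak_keyslots
```

On a real system the input would come from `cryptsetup luksDump <device>`; a flagged LUKS2 keyslot can be re-derived with `cryptsetup luksConvertKey --pbkdf argon2id <device>`.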


