Should You Encrypt Your Linux Install?
ฝัง
- เผยแพร่เมื่อ 27 ก.ค. 2024
- Encrypting your Linux install is one thing you can do to secure your device. Should you do it? And how can you do it?
Note: Matt is not a security expert. This is explained mostly from a noob perspective with complete ignorance of any technology behind actual encryption.
Also, remember to put your recovery key in a safe place where it can't be gotten to by others. I don't say this on the video, but it seems like it should be common sense.
Patreon - / thelinuxcast
Liberapay - liberapay.com/thelinuxcast/
===== Thanks to Our Patrons! ====
Devon C. -- Tier 4 Patron
Marcus B. - Tier 3 Patron
Donnie H. - Tier 3 Patron
Maeglin - Tier 3 Patron
Sven C. - Tier 3 Patron.
EastCoastWeb - Tier 3 Patron
Marek M. - Tier 1 Patron
Camp514 - Tier 1 Patron
Mitchel V - Tier 1 Patron
===== Follow us 🐧🐧 ======
Odysee - odysee.com/$/invite/@thelinux...
Mastadon - @drmdub@distrotoot.com
/ thelinuxcast
/ mtwb
Subscribe at thelinuxcast.org
Contact us thelinuxcast@gmail.com
/ thelinuxcast
#tut #thelinuxcast #encryption - วิทยาศาสตร์และเทคโนโลยี
Thanks for the vid. It's always nice to have that extra layer of security 👍.
Cc
it's okay for baremetal everyday use. but when renting a Linux VPS. the VPS provider in theory could easily create memory dump of our running operating system, and from memory dump, some program could decrypt our encrypted drive. or worse, they even could create live snapshots of our VPS (which basically a VM) and runs it elsewhere without any problem decrypting in the first place.
Thanks for your videos! Greetings from Venezuela.
Great video mate! Learnt something new.
learnt a lot of this. Thank u
Good job explaining. I wasn't sure how to do full disk encryption. I saw the installer ask me if I wanted to encrypt the home folder but not disk. I restarted and followed your direction and it worked fine.
We all agree: Linux is amazing :) And you should always encrypt your drives if you store personal or important data on it. Also the backups. There are many reasons for this. My external hard drive has read and write problems, but still works in a way. I could have it replaced under warranty, but I probably won't be able to erase it safely. But because it is encrypted, I can send it back to the manufacturer without worrying.
Great explanation
I like encryption, but it's a bit annoying to enter a password twice when booting. In Linux Mint, if you encrypt the home folder, you only have to enter a password once when booting,
you can disable password on login and that way you only have to enter a password to decrypt, then it boots straight into the user.
Thank you. I'm an amateur and that video clarifies a lot.
Great video
Thanks For Vid
I honestly hate and get very irritated when someone does a video talking a lot and takes long to say something, but, I watched your whole video without even care about it. I like how calm you talk, keep up the good work!
A laptop has a set of different security risks.
Was typing that about the same exact moment you mentioned in your video.
Thank you for your video. The question is, how can I encrypt a server which is used by many. Yes it is possible, but after every boot it must be decrypted. Have you an answer for that?
If I'm going to multiboot, can I encrypt only the selected partitions, where do I install Ubuntu now?
Thank you. How does encryption affect backups? Is the backup encrypted?
Sorry if this is a dumb question but, it seems you did the encrypted install all on one partition? I just watched another video ( th-cam.com/video/_azMm3OLuhs/w-d-xo.html ) that shows it is best to make dedicated partitions for efi, swap, root, home, and so forth. Is there a way to perform an encrypted install and still use multiple dedicated partitions? (In other words, are the options "Use LVM with the new Ubuntu installation" and "Encrypt the new Ubuntu installation for security" also available somewhere under the "Something else" option?) Thanks so much for your help!!
I don't know for sure, so don't quote me on it, but I'd think that the only way to do it would be to use a custom partition manager. Using the automatic encryption offered by most installers isn't going to work. I'm sure, though, that if it is possible that someone on the internet has done it, so I'd reccommend a Google search or perhaps getting on reddit and asking in r/linuxquestions.
The problem ive had in the past with other encryption programs is that they got stuck during some file copy process or connection problems and the next time I tried to enter and get my files everything was corrupted and my files were basically gone. Luckily I had backups. But this is definitely a concern. I will give it a try on my new Linux install.
Will Tim work if The SSD drive with Ubuntu installed on it is encrypted?
This is probably a stupid question (so I apologise in advance), if you are installing Linux onto a machine that has TPM 2.0 chip.....does Linux automatically use it for storing your security key for encryption/decrypt operations??
no
you need to generate and store the keys manually as far as i know.
There's also the issue of if you need to read the drive in another computer.
How well does it work with the cloud? I use Nextcloud for my files and that allows me to access them on any PC or on my phone. I worry that will get messed up.
My tech graduate landlord asked me the other day if my PC is encrypted (almost out of the blue - almost) and now I am paranoid as heck.
I'm unsure, but I don't think that it would be a problem. Because what you're doing with NextCloud is uploading from your drive, not sharing the drive itself.
@@TheLinuxCast thanks. I'll practice on a 'throw away' partition I set up. scared.
@@genkiferal7178 Probably a good idea. I'd also make sure you back up everything often. Just in case.
Linux itself might be pretty immune to malware attacks and stuff, but noting in ever stopping someone with real life access to your machine from just simply mounting and chrooting into your system from a live usb.
It's called a door lock.
@@amosnimos my roommate has broken into my room in the past and my lnadlord come in a few times when I wasn't home
doesn't a BIOS password prevent that?
@@genkiferal7178 Yeah it can restrict people from going in the boot menu but then you can still take the drive out and put put it on a different machine. Or just set the init to bash and copy everything to a thumb drive. This is why encryption is important
@@fossware great point. I'll be doing a lot of researching/reading and testing over the next week.
I've tested both Luks and VeraCrypt on a USB in the past (Luks on Kali).
My main concern is that all of my files are on Nextcloud on 2 PCs (one has an SSD and HDD) and one or two phones. Makes no sense to only encrypt one PC, but I am also very afraid of messing up my sync, which I've done before . I also bought a Raspberry Pi and had hoped to set it up as a server, so that complicates things further.
This project looks like Mt. Everest to me.
4:39 if there was a way to recover the data without password& recovery code, then a hacker could use that same method to retrieve it
So, assume you are logged in and using your desktop. If someone (you or another user if you are running multi-user setup) ssh's into your system do they see unencrypted files
Yes. once you’ve entered that password, everything is un encrypted.
If I encrypted my disk on Linux Mint will it interfere if I plan to uninstall Linux and install Windows again?
I'm assuming that when you reinstall Windows you'll be wiping your disk? If that's the case, then it won't matter. If you're talking about dual booting, I think you can do it as long as you're installing Linux second so that it controls the boot loader. Otherwise WIndows is going to grab ahold of that and not even see your Linux partition. I haven't dual booted in years, so IDK how your experience will be. All I can say is make sure you back up you data.
If you're installing Linux onto an SSD, which file system would you use?
Whatever you want.
Btrfs
Btrfs for the snapshots
It just prevents someone from easily seeing your data without the passcode. Make the passcode strong and they won't get in.
Encryption yes! Backups encrypted yes!
Can you tell me how to remove it ?? I know my key but just wanna remove it
From a quick google, it looks like it cannot be removed.
@@TheLinuxCast bruh what do i do now welp i ma format my linux ig
BSD Coughs......
Linux is secure, but i believe FreeBSD OpenBSD is more secure. Thx for the video
Yees
keep in mind its just more private but never secure none of it is secure just private
Linux is not the most secure system lol that would be openbsd
“Linux is secure. I don’t understand it. It’s secure through obscurity because not many people understand it”
Bro don’t make a long as video when all you know is how to read through an installation wizard.
Average Linux user
Typical TH-cam commenter. Oh. I mean troll
Thx for deleting my post.
I didn't delete it. Did you get caught by the YT spam bot?
en.wikipedia.org/wiki/Amber_Midthunder