Announcement

Collapse
No announcement yet.

Fedora Workstation Aiming To Improve Encryption, Possibly Encrypted Disk By Default In The Future

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Fedora Workstation Aiming To Improve Encryption, Possibly Encrypted Disk By Default In The Future

    Phoronix: Fedora Workstation Aiming To Improve Encryption, Possibly Encrypted Disk By Default In The Future

    Fedora Workstation developers and those involved at Red Hat have been working to improve the state of disk encryption on Fedora with a end-goal of possibly making the installer encrypt systems by default...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite

  • #2
    Is this Btrfs fscrypt equal to LUKS/LUKS2?

    Comment


    • #3
      Originally posted by _r00t- View Post
      Is this Btrfs fscrypt equal to LUKS/LUKS2?
      AFAIK it's more akin to ZFS' native encryption which is on a file-basis, allowing more flexibility in terms of what gets encrypted and with which key (allowing each dataset to be encrypted by a different key for instance) at the cost of leaking metadata in comparison to full-disk encryption (aka LUKS).

      Comment


      • #4
        I'd like to see Ubuntu enable encryption by default too. Whether we like it or not, it's kind of the "default" Linux that most people start with, and more security by default will benefit a huge amount of people and the ecosystem as a whole.

        Comment


        • #5
          This is just one more nice thing Fedora and other distros can do to help provide great defaults easily to new users. Imagine one day you could pop a USB with Fedora or Ubuntu into your technophobic uncle's old computer, and after a one-time process that's as easy as signing in to one's e-mail, it just works without fuss and runs all his stuff, and it's easy and secure.

          It would give back a lot of people some choice, privacy, and control, and it could really help the Linux community grow.

          Comment


          • #6
            I guess. But they better make it easy to mount in liveboot and recover. Linux distros have a hard time mounting ntfs drives and network locations still in 2023. Currently it's working on my pc, but I know fedora failed last I used it.

            Comment


            • #7
              Originally posted by dylanmtaylor View Post
              I'd like to see Ubuntu enable encryption by default too. Whether we like it or not, it's kind of the "default" Linux that most people start with, and more security by default will benefit a huge amount of people and the ecosystem as a whole.
              They definitely shouls though i do wonder by how much theyre still the default these days. There arent that many places stil singing their praises like in the old days, or at least not to the same degree. Im not tied into the newbie scenes these days so im not sure whats bouncing around the schools but a lot of the discussions i had with friends who were new to linux over the last 5 years tended to be more the more system tinkery/gamer sort that tried a variant of Arch

              Comment


              • #8
                Some benchmarks on this & comparable ones in the future would be really appreciated.

                Comment


                • #9
                  Originally posted by fong38 View Post

                  AFAIK it's more akin to ZFS' native encryption which is on a file-basis, allowing more flexibility in terms of what gets encrypted and with which key (allowing each dataset to be encrypted by a different key for instance) at the cost of leaking metadata in comparison to full-disk encryption (aka LUKS).
                  ZFS encryption is not done on a file-basis. It encrypts all data inside of the dataset. However, information such as the dataset name, snapshot names, and dataset properties does not get encrypted. By looking at the data that's not encrypted, you can see how large the dataset is and get an idea of how much data is changing between the snapshots. But you cannot see things such as file counts or directory structures. Their method allows for some interesting abilities like sending and receiving snapshots without decrypting them.

                  It will be interesting to see how the encryption implementation of Btrfs compares. Hopefully it's not on a per-file basis, but I think their send/receive ability streams changes at the file level so it wouldn't surprise me if it is.
                  Last edited by Chugworth; 04 April 2023, 01:37 AM.

                  Comment


                  • #10
                    Uh, do we have an ETA for btrfs based encryption?

                    Comment

                    Working...
                    X