Fedora Workstation Aiming To Improve Encryption, Possibly Encrypted Disk By Default In The Future


  • #11
    I don't really know much about disk encryption so excuse my ignorance, but does it have any security benefits if I'm on a desktop PC?
    Also, does it impact performance in any way?



    • #12
      I'm 100% against encryption being enabled by default.

      Why? Forgetting your encryption password or simply dying unexpectedly (which unfortunately happens to people) results in losing all the data. Far too many people never bother making backups, and in a perfect world you must have at least two copies of the data in physically separate locations.

      Those who understand the risks could have enabled encryption for years if not decades.



      • #13
        Originally posted by user1
        I don't really know much about disk encryption so excuse my ignorance, but does it have any security benefits if I'm on a desktop PC?
        Also, does it impact performance in any way?
        Benefits? Your peers cannot see your data, your porn habits, etc - that is of course if they cannot sniff out your password which is all too easy if you live with someone.

        All the x86 CPUs released in the past decade support HW AES encryption/decryption, so the performance impact is minimal.



        • #14
          Disk encryption by default is stupid, so many people lose valuable information due to not knowing the potential ramifications of it. FDE should only ever be used when you care about protecting the information on it, at the risk of losing it all. If you aren't willing to lose all the data on the machine, don't use FDE. It sucks when you need to tell someone they lost valuable pictures that could otherwise be recovered due to things like FDE. And ofc someone's going to say "just backup" but I haven't actually ever seen normal people do it.

          I highly discourage anyone who doesn't actively need FDE from using it. Solutions like VeraCrypt are often good enough.



          • #15
            Originally posted by Turbine
            I guess. But they better make it easy to mount in liveboot and recover. Linux distros have a hard time mounting NTFS drives and network locations still in 2023. Currently it's working on my PC, but I know Fedora failed last I used it.
            It's a must, because not everyone wants to play with the terminal. When it comes to NTFS, it's not a Linux file system, so it doesn't matter at all. However, Linux has mounted NTFS just fine for years. Currently it even works without FUSE.



            • #16
              Originally posted by avis
              I'm 100% against encryption being enabled by default.

              Why? Forgetting your encryption password or simply dying unexpectedly (which unfortunately happens to people) results in losing all the data. Far too many people never bother making backups, and in a perfect world you must have at least two copies of the data in physically separate locations.

              Those who understand the risks could have enabled encryption for years if not decades.
              Sensible defaults are hard to set.

              If I'm not wrong, Android and Apple smartphones enable encryption by default nowadays (or at least they ask during the first power-on), so people should be more or less used to the concept.

              Besides what the Fedora team will decide, I think the most important thing to do is to try to communicate in the clearest possible way what is going on, so that the user can enable encryption or not knowing what he is doing.





              • #17
                Originally posted by avis
                I'm 100% against encryption being enabled by default.
                Yeah, those that don't understand the implications of encryption will most likely do something stupid and then complain in a forum.

                Although I've been using FDE on all my devices for a long time, I would never encrypt disks for people without them explicitly asking for it. It even has the potential to degrade your SSD faster (no TRIM with LUKS's standard settings).

                Originally posted by cynic
                If I'm not wrong, Android and Apple smartphones enable encryption by default nowadays (or at least they ask during the first power-on), so people should be more or less used to the concept.
                But what they also do is back up your data in the cloud, so if something goes wrong most data is not lost. I wouldn't want my data in a cloud because that potentially gives everyone access to it and questions the benefits of encrypting in the first place.
                Last edited by Anux; 04 April 2023, 04:02 AM.



                • #18
                  Originally posted by Anux
                  But what they also do is back up your data in the cloud, so if something goes wrong most data is not lost. I wouldn't want my data in a cloud because that potentially gives everyone access to it and questions the benefits of encrypting in the first place.
                  I do agree on that.
                  I just wanted to say that maybe people are getting used to the concept of encryption and its implications.

                  Maybe it's too early to enable it by default, but just asking is a good thing.




                  • #19
                    I always use FDE when installing Fedora. The downside is that offline updates ask for the password, which is inconvenient. The Btrfs encryption method hopefully makes it possible to avoid that.



                    • #20
                      So does this FDE avoid having to type the password twice? I tried Fedora and openSUSE with FDE in a VM and both of them required me to enter the password twice - in GRUB and then again in SDDM.
