[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sheflug] Linux Security
- To: sheflug@xxxxxxxxxxxxxx
- Subject: Re: [Sheflug] Linux Security
- From: "Matt Marsh" <matt@xxxxxxxxxxxxxxx>
- Date: Tue, 09 Jul 2024 12:08:33 +0100
- Delivery-date: Tue, 09 Jul 2024 12:10:44 +0100
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sheflug.org.uk; s=default; h=Sender:Content-Transfer-Encoding:Content-Type: Reply-To:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Subject: To:From:Date:References:In-Reply-To:Message-Id:MIME-Version:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner:List-Archive; bh=rmrTGFnvS2sRMbk/ZXC4X6V6ovsEVW5vsIHDxOEmUKc=; b=NRRxEwdWZzPwKuCO75EV93qjWw 6Sl8flJpZFxj2B9HsP6TyvXTPFZEuZ9CcgDh+C6Uea87PXzQjqOWO1Q0f++XTsglhS1YD0gAhmmGN 3m5z97ERD7OUF73SUJv+4M9X3dY50L09cy3QeEOb8iMGTcvueTMRJqr2OE8gEKfAdva74Znt1DHF6 /6qNs6Kyzz1qj8jKRezctJ9hIY+QQ7KibSOMiDGGwKAnFTLEPaskn33P93qqAYrcZdjZk+goAJ/P9 KFbxQkRdAPNPJmGHJQHnr2dLv+Cw/Hn3P7JajGxgDyUNMhk2U3Jf2bBRnZz7GYfZKutSWslSvUQpm P9ROVcXw==;
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=crazedbytes.net; h=cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm1; t=1720523362; x=1720609762; bh=93syKLV/1z cNy7g9EIbRy4FjiAfO76K6sHgZudwjQpE=; b=VGYE5Ci8vcZaeAxjfwcChKsfhR JN1BaPLBznyBv6VAIpsKmjffWT6KWuWJbgwbsCNZuTuVsxW+/YtzFys6cDL5olEm c57gpU61t1Xi/EHeqpoGMaUkqjM07bo7KowvfQvuB3cwIIC5+u2T1sITUB30SHnH d9kg4rzQlecjv4VnRi37Qqgfz8c2xMNRes6omo7f2zbJn7PgVNKVSw6C9j3kieWm 7u/BxYzNkdNU1DbCBXWMKZ3QGqBV5rj3O0jVV41ZhNoV9UqqVPRzVOR7QT89FF8h ABapKmTUhGoQh6JdGxYtx3tf/Y+bIIgoUKI20h6olZc/u7DNoZtdS2hkDTUQ==
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1720523362; x=1720609762; bh=93syKLV/1zcNy7g9EIbRy4FjiAfO 76K6sHgZudwjQpE=; b=L/jgsD6E8GekMURLC44xvj2cz6ULsjZuRgwj64A6yTO/ WvWZpBR/7EOPqSN+fnf/H8Pq1sxV32m7JskuhjYZk1azNiQT1ODSWj8N+ZjW2MWI ZIlWAw1bye6SxbG2ARZfAjtz3AHfD02ep/vw9eKESLc6E2IEw0Ewu/nqDmxKeOuF Sg2zrFj1ncsZNoMQhheiw1Bi8maRAaLX/dCKRV3MXcMhmbprBY9LFqhX3or2Bo+E 8pufhDSYK5M6P7JyByGOFRTjKfHeJy8mV/bFBH7zj7w7knFjQYnEsxjzcfpyVZOP nsOBj8Ui+RF9I14rb25nMU7yIKxG0K0tuxx+rub4Ow==
- Envelope-to: sheflug@xxxxxxxxxxxxxx
- Feedback-id: i1ef340b2:Fastmail
- List-help: <mailto:sheflug-request@sheflug.org.uk?subject=help>
- List-id: <sheflug.sheflug.org.uk>
- List-post: <mailto:sheflug@sheflug.org.uk>
- List-subscribe: <http://sheflug.org.uk/mailman/listinfo/sheflug_sheflug.org.uk>, <mailto:sheflug-request@sheflug.org.uk?subject=subscribe>
- List-unsubscribe: <http://sheflug.org.uk/mailman/options/sheflug_sheflug.org.uk>, <mailto:sheflug-request@sheflug.org.uk?subject=unsubscribe>
- Reply-to: sheflug@xxxxxxxxxxxxxx
- Sender: "Sheflug" <sheflug-bounces@xxxxxxxxxxxxxx>
- User-agent: Cyrus-JMAP/3.11.0-alpha0-568-g843fbadbe-fm-20240701.003-g843fbadb
On Mon, 8 Jul 2024, at 10:37, John Southern wrote:
> 2) Does everyone honestly use encryption on every device they own?
Not on *every* device, no. However, I do see encryption as being an important feature to use on *many* devices. As with everything, you have to weigh up the pros and cons.
For the last few years I have _always_ used encryption on my main personal computers (e.g. desktop/laptop - all running Linux). Initially, I encrypted only the `/home` partition - but nowadays I encrypt the whole drive (using LUKS). There is just too much risk that a personal computer could be lost or stolen (especially a laptop), and I wouldn't want someone being able to easily just read all my documents and other files.
I'm thinking of getting a new personal laptop soon - I will likely opt for a hardware self-encrypting drive in that. These are now pretty affordable (£35 upgrade on a 1TB drive for the laptop I'm considering), and I assume to be more efficient than software-based encryption.
For some business systems, the physical security of a data centre etc. might mitigate some of the risks of theft - but some clients I've worked with required us to confirm that data is encrypted in order to satisfy their own data protection policies.
Whatever the scenario, you need to ask the same questions:
• What is the likelihood of theft?
• How much would you care if someone accessed the data, should it be stolen?
• What are the costs/effort to implement encryption to mitigate it?
I don't bother using encryption on every device I own. I don't encrypt a Raspberry Pi that I set up to play around with for example - but I'm aware of that and won't put any personal data on it. For personal machines that you store personal data on though, encryption is just a no-brainer decision for me.
You mentioned that you have a concern about your whole data being dependant on the small part of the drive where the keys are stored. I understand the concern, but these days SSDs rarely fail - and if they do, it is often all or nothing. It's not quite the same as in the days of spinning platters. And of course, you should have an adequate backup strategy in place for these sorts of eventualities anyway...
Just my 2¢
Matt
--
*Matt Marsh*
matt@xxxxxxxxxxxxxxx
07795 297779 <tel:+44-7795-297779> / +44 7795 297779 <tel:+44-7795-297779>
_______________________________________________
Sheffield Linux User's Group
http://sheflug.org.uk/mailman/listinfo/sheflug_sheflug.org.uk
FAQ at: http://www.sheflug.org.uk/mailfaq.html
GNU - The Choice of a Complete Generation