OpenBSD users, can you tell me your experience of full-disk encryption on a SSD?

Is the encryption overhead noticiable compared to plain SSD? Or is it as slow as HDD?
How often have you lost files due to a poweroff letting your partition on an inconsistent state?

#openbsd #ssd #fde #DiskEncryption

@darkling @nicholasr @nixCraft #btrfs does indeed support swap files, they problebly work fine, they are just very unorthodox and therefore difficult to setup.

The swap file you would use if you want #diskencryption, in theory at least...
#diskencryption brings mé more issues than what's worth!

#Linux folks who #encrypt; Do you encrypt everything, or just your /home partition?

#Poll #Linux #DiskEncryption #Encryption

In this blog, I have demonstrated step by step instructions on implementing Azure Disk encryption for VM disks.

https://medium.com/@samarasams/securing-os-and-data-disks-with-azure-disk-encryption-and-key-vault-policies-a65f8ed1cea3

#DataSecurity #DiskEncryption #CloudSecurity #AzureDiskEncryption #AzureSecurity #Azure #Cloud

From #Debian 13, would you use VeraCrypt or ZuluCrypt to create an encrypted disk accessible from any OS ?

Veracrypt hasn't released a .deb yet for Debian 13, so the generic installer must be used. Not sure how well it's supposed to work.

#DiskEncryption #VeraCrypt

My new video about VeraCrypt just released on @tilvids
From this video, you can get familiar with VeraCrypt, the encryption technology it uses, and how you can use it to create file containers and encrypted partitions

https://tilvids.com/w/9dA17zsidWVMU5eHc8i8WP

#VeraCrypt #Encryption #DiskEncryption #Security #TechVideo #OpenSource #OpenSourceSoftware #FOSS #ContentCreator #FosseryTech

Secure Your Sensitive Files with VeraCrypt

https://tilvids.com/videos/watch/428afd2d-167b-46a4-9a1f-91ee5cd75f1f

So. Linux 🐧

My PC runs Linux (Fedora) and with the current gen Hardware in it the ancient old Question pops up again: Full Disk Encryption or not?

At least some ciphers should be HW-accellerated (AES-SNI). But then there is the hassle of entering the password. And the annoyance.

But on the other side...

What do you guys think?

#linux #encrypt #encryption #diskencryption #security #admin

"A swap file can be used to reserve swap-space within an existing partition & may also be setup inside an encrypted blockdevice's partition."
So all I had to do is make sure swap file is setup in fstab & just point all resume=UUID= to the UUID of primary partition where the #swap file is & that is it. my brain exploded🤯 from how easy it was.
p.s. reminder to anyone doing #LUKS it is only as good as the password you pick so pick something good!
#CryptSetup #Linux #LVM #hibernate #DiskEncryption

Long ago when I was installing #Kali #Linux on my #Dell Latitude E5570 #Laptop
I went with LVM on LUKS https://wiki.archlinux.org/title/dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS
& at the time I thought I'd go with a swap file on / (I was unaware of Swap crypt🙄)
I was never able to get hibernate to work, until now😀...
Let me say many websites & forums all say if you want hibernate to work on LUKS, you have to go with swap crypt.
Not true, if you read https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption#Using_a_swap_file
#CryptSetup #LVM #LUKS #SWAP #hibernate #DiskEncryption

Thanks for all the suggestions and links.

I will try putting a new / temporary key into the initramfs just for while I am out of town - the chance of power outage is higher than the chance of burglary.

I'll remove the temp key and rebuild the initramfs after I get back home. Normally, I'm in front of the computer when it reboots, so entering the password manually (as I've been doing for a few years) is fine.

#DMCrypt #DiskEncryption #Linux

Is there a good way to have a #Linux server reboot unattended when the root partition is dm_crypt encrypted? I'm not super worried about bad guys being physically present. More just worried that a power outage might initiate a reboot while I am not present.

Is including the key file in the initramfs (correct terminology?) that horrible a thing if physical access to the machine is not a concern?

Thoughts or advice?

#DMCrypt #DiskEncryption

How to Migrate from TrueCrypt to BitLocker

https://techdirectarchive.com/2023/03/30/migrate-from-truecrypt-to-bitlocker/

#Bitlocker, #DiskEncryption, #Drive, #DriveEncryption, #Encryption, #MigrateFromTrueCryptToBitLocker, #TPM, #TrueCrypt, #TrueCryptToBitLocker, #TrustedPlatformModule, #Windows

Full disk encryption with LUKS?

https://security.stackexchange.com/questions/269324/full-disk-encryption-with-luks

#penetrationtest #diskencryption #linux #luks #grub

How to protect files in use on a system powered on from physical theft or tampering?

https://security.stackexchange.com/questions/269251/how-to-protect-files-in-use-on-a-system-powered-on-from-physical-theft-or-tamper

#diskencryption #fileencryption #physicalaccess #encryption #linux

AEAD: Authenticating a digest of my data instead the data itself

https://security.stackexchange.com/questions/269129/aead-authenticating-a-digest-of-my-data-instead-the-data-itself

#authentication #diskencryption #fileencryption #encryption #aead

(1/2)

#Linux #DiskEncryption I want to check that I'm thinking about this in a way that makes sense. Context is a laptop with a #LUKS partition.

I see a lot of how-to articles floating around about using #tpm2 for LUKS decryption on device boot.
I understand that this gives convenience over a separate passphrase for decryption and still prevents:

An adversary from removing the hard drive when your machine is off and decrypting it (because the adversary won't have the TPM to decrypt).
An adversary from modifying anything in the secure boot chain and accessing a decrypted drive (because the device will then refuse to boot and decrypt the LUKS partition).

Fast cipher without needing hardware support (like ChaCha20) for disk encryption

https://crypto.stackexchange.com/questions/103677/fast-cipher-without-needing-hardware-support-like-chacha20-for-disk-encryption

#diskencryption #chacha #arx