How an Encrypted Hard-drive Works


Encrypted Hard Drive?


Have you ever heard “you should encrypt your hard drive” on a technology video channel? What does that even mean really? Doesn’t the Linux operating system have a user password? Is that encryption or protection?

Let’s break it down:


Remote Attacks

User passwords on the operating system protect you from hackers over the internet. The password provides a safeguard against anyone accessing the operating system or system resources remotely.

In-Person

But a password for a user on the operating system does NOT protect you against someone in person pulling the hard-drive out and opening the files using a different operating system.

Hard-drive encryption prevents an in-person attack. If an attacker were to pull the hard-drive out and access it with another operating system, the contents would still be encrypted and would still require the password. This type of protection is also referred to as “disc encryption” or “full drive encryption.”

Which is Better?


Here at Simplified Privacy we recommend you have both types of protection. It’s easy to set up. Many Linux distributions will ask you (when you first install and set up the operating system) if you want to encrypt the drive. Then they may or may not give you the option to pick a completely separate password for disc encryption vs the operating system user.

For example, the Linux distribution Debian will ask you for 2 separate passwords. But on OLD versions of Linux Mint, picking the option to encrypt the drive automatically made your disc encryption password the same as the one for the user login.

Forgotten passwords


If you forget your operating system password, you can recover from this. You can enter the operating system by other means to reset it. But on the other hand, if you forget your LUKS hard-drive encryption password, then you’re screwed. There would be no alternative way to get in.
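The difference between the two passwords, as a simplified Python model added here for illustration (it is not code from Simplified Privacy or from LUKS). The function names, the sample file and the XOR stand-in cipher are assumptions made for the demo; real LUKS uses its own header format and AES.

```python
import hashlib, hmac, os

def kdf(secret: str, salt: bytes) -> bytes:
    # Salted, iterated key derivation; LUKS also uses a slow KDF for this step.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Demo-only stand-in cipher (real disk encryption uses AES-XTS).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

FILES = b"tax-return-2023.pdf contents (constructed sample data)"

def plain_disk(login_password: str) -> dict:
    # Unencrypted drive: the login password is only a stored hash next to readable files.
    salt = os.urandom(16)
    return {"salt": salt, "login_hash": kdf(login_password, salt), "files": FILES}

def os_login(disk: dict, password: str) -> bool:
    return hmac.compare_digest(kdf(password, disk["salt"]), disk["login_hash"])

def reset_login(disk: dict, new_password: str) -> None:
    # Recovery path: whoever can write to the drive can replace the hash.
    disk["login_hash"] = kdf(new_password, disk["salt"])

def encrypted_disk(passphrase: str) -> dict:
    # Encrypted drive: a random master key encrypts the data, and the
    # passphrase-derived key wraps that master key in the header.
    salt, master = os.urandom(16), os.urandom(32)
    return {"salt": salt,
            "wrapped_key": xor_stream(kdf(passphrase, salt), master),
            "key_check": hashlib.sha256(master).digest(),
            "payload": xor_stream(master, FILES)}

def unlock(disk: dict, passphrase: str):
    # Returns the decrypted files, or None when the passphrase is wrong.
    master = xor_stream(kdf(passphrase, disk["salt"]), disk["wrapped_key"])
    if not hmac.compare_digest(hashlib.sha256(master).digest(), disk["key_check"]):
        return None
    return xor_stream(master, disk["payload"])
```

On the plain disk, `files` is readable and `reset_login` works without knowing the old password; on the encrypted disk, nothing stored in the header lets you recover the files without the passphrase.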

Different passwords


On a Linux distribution that does allow for separate passwords for operating system vs disc encryption, you should take advantage of this opportunity and use different passwords. This will make it incredibly difficult for anyone to access your files without your authorization because they’d have to crack 2 passwords.

$5 wrench


In the cybersecurity industry, the term “$5 wrench” refers to using low-tech methods to break into files. From an academic perspective, a computer system or file encryption may be secure from a technological hack, so the user may get an overly confident sense of being invincible. But encryption can’t provide protection from an attacker drugging the user and beating them with a $5 wrench until they confess the password.

Because of the $5 wrench threat, always consider what the effects would be if someone demanded the password or broke the full disc encryption. This is one of the reasons to consider also using Veracrypt for computers and the Duress app for phones for additional protection.

Update:

GrapheneOS added native support for Duress into the OS.

We will cover Veracrypt in our next article found here
