Encryption

New-ish to Linux. I have a few questions but it’s best if I dedicate each question to a single thread.

On Windows, I use Truecrypt.

Doesn’t work for FDE on Linux.

I am planning on using this tutorial to encrypt my Linux install on either Linux Mint or Elementary OS.

Anyone know if it will work? And whether or not I can trust that it doesn’t have back doors?

Also, any tips for me before I get started on encrypting it? And how would I need to create the partitions? I have heard I can’t just partition a single partition as root and leave it at that, and I have to partition /boot separately as /boot doesn’t get encrypted. Is this true?

Btw why does the tutorial use “backup2” - what is backup2 for and why the 2?

Can you choose whichever name you want? A more appropriate one would be “LinuxInstallation” for example.

And no offense intended to the moderators but why is every single post of mine being approved first? It’ll take ages this way for me to get support.

Once one of your posts is approved your others won’t require it … it’s just FIRST post approval that was stalling your posts.

Currently I’m having interweb connection issues, which is why it’s taken me a while to get around to approval … sorry about that, but it’s beyond my control … ever tried to get Sky off their asses to fix a line issue, they’ll have you running around like an idiot trying to prove it’s your kit before they’ll do anything :slight_smile:


Full disk encryption - Personally I can’t see the point, it can cause MAJOR headaches with problem solving, and does it really matter if someone can discover what apps you have installed? … surely as long as your USER data is encrypted so it’s unreadable by anyone that gains physical access to your PC that’s enough … do you really need to encrypt the libreoffice binaries and such?

Full disk encryption is quite useful for laptops, or if you leave your workstation in an insecure location … open plan office and the like. Encrypting /home/user is OK for documents, but if your machine is on a secure VPN for example, the configs for that will be outside of /home, and really if someone nicks your machine, exposed VPN keys (etc) are a bit of a risk.

If you install Ubuntu workstation from scratch, full disk encryption is a standard option. I run it on my laptop, you take a performance hit, but apart from that it works fine.

In terms of back-doors, if there were any “known” back-doors, they would have been fixed (!), but if you’re worried, you (as many security researchers before you) can go through the source code and check if you wish … :slight_smile:
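
Added example (not part of any post in this thread): a small audit of which paths actually sit on a dm-crypt volume, illustrating the point above that home-only encryption leaves configs outside /home in plaintext at rest. The device names, the `/etc/openvpn` path and the sample `lsblk -J -o NAME,TYPE,MOUNTPOINT` output are constructed assumptions, and the script assumes `/` appears in the mount table.

```python
import json

# Constructed sample of `lsblk -J -o NAME,TYPE,MOUNTPOINT` output for a
# layout where only /home is encrypted (not captured from a real machine).
SAMPLE_LSBLK = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "mountpoint": "/boot"},
    {"name": "sda2", "type": "part", "mountpoint": "/"},
    {"name": "sda3", "type": "part", "mountpoint": null, "children": [
      {"name": "home_crypt", "type": "crypt", "mountpoint": "/home"}]}
  ]}
]}
"""

def mount_table(lsblk_json):
    """Map each mount point to True if a dm-crypt layer sits beneath it."""
    table = {}

    def walk(dev, under_crypt):
        # Once a "crypt" device is seen, everything stacked on it (LVM, etc.)
        # is encrypted at rest as well.
        under_crypt = under_crypt or dev.get("type") == "crypt"
        if dev.get("mountpoint"):
            table[dev["mountpoint"]] = under_crypt
        for child in dev.get("children", []):
            walk(child, under_crypt)

    for disk in json.loads(lsblk_json)["blockdevices"]:
        walk(disk, False)
    return table

def is_encrypted(path, table):
    """Use the longest mount point that contains path to decide its status."""
    covering = [m for m in table
                if m == "/" or path == m or path.startswith(m + "/")]
    return table[max(covering, key=len)]

def audit(paths, lsblk_json=SAMPLE_LSBLK):
    table = mount_table(lsblk_json)
    return {p: is_encrypted(p, table) for p in paths}

if __name__ == "__main__":
    checked = audit(["/home/user/Documents", "/etc/openvpn", "/boot"])
    for path, enc in checked.items():
        print(f"{path}: {'encrypted' if enc else 'PLAINTEXT at rest'}")
```

On a real machine, pass the output of `lsblk -J -o NAME,TYPE,MOUNTPOINT` as `lsblk_json` instead of the sample.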

I’d still be more inclined to do something like put the VPN configs in my home folder, symlink to them, and if necessary restart the VPN after the encrypted home is mounted … sure there are scenarios where FDE may be the easier/better option, but if/where possible (and that includes the majority of non-business machines) I’d go out of my way to avoid it.

Maybe it’s a personal thing but I hate taking a performance hit unless it’s 100% necessary … and I’m personally not inclined to make system troubleshooting/fixing any harder than necessary.

A “vaguely” similar discussion can be found here:

which was prompted by this article:

I’m kinda with Linus (now there’s a first) and the people in the comments section that suggest security is most often a secondary issue to usability/performance/stability … not to be ignored but neither a goal in its own right.

Sure, I’d agree with all that, however there are instances where relying on ‘everyone’ to get their config right, ensure that everything is symlinked into /home etc etc, isn’t really ‘safe’. For example I worked somewhere last year where full-disk encryption for all users (all users were obliged to work on laptops) was mandatory. Given what people needed to keep on their laptops for the work they were doing, albeit I really didn’t want the performance overhead, I could sort of see why they insisted on it … and I must admit if I were them, I’d have insisted too …

Just out of interest, iOS also has a full-disk encryption option as a standard feature … dunno about Windows (?)