Popular Linux distributions make it pretty easy to encrypt your home folder or even entire partitions if you’d like, without many issues. This is a great option to have if you need your data encrypted, whether it’s the home folder or entire partitions. In most cases, all you need to do is select a check mark, and it’ll take care of the rest.

But some people select it just because it sounds like a good option to have (and it can be) and they don’t think about what kinds of consequences might result from such a move later on. By now you might be asking, “What? How could encryption possibly be a bad thing?” Well, here’s why.

Recovering Data Is Harder

In the event that something in your system has screwed up, whether it be the operating system or some hardware part except the hard drive, you’ll more than likely want to get the data off your hard drive and move it to a more practical place. For data that isn’t encrypted, this can be easily done by running (at the minimum) a Linux LiveCD on any other computer, connecting the hard drive to that computer, and then moving your data. With your data encrypted, it’s not as easy as 1-2-3.

You’ll first have to search for some instructions on how to get past the encryption manually before you can reach your data. I can almost guarantee you that there aren’t any graphical tools that will do this, so people who aren’t comfortable with terminal consoles will have a difficult time.
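
As an added example (not part of the original article), this is what those manual steps look like when the installer's encryption option created a LUKS/dm-crypt volume, which is an assumption; an encrypted home folder alone uses a different mechanism and is not covered. The script only reads the header and prints the read-only unlock steps; `/mnt/usb`, `/mnt/rescue` and the mapping name `rescue` are placeholders.

```bash
#!/usr/bin/env bash
# Added example: detect a LUKS header on a pulled drive and print the
# read-only recovery steps for it. The script itself never unlocks, mounts
# or writes to the device it inspects.
# Assumptions: the volume is LUKS/dm-crypt; /mnt/usb, /mnt/rescue and the
# mapping name "rescue" are placeholders to adapt.

# A LUKS header begins with the magic bytes "LUKS" 0xBA 0xBE followed by a
# 2-byte big-endian version (1 or 2). Prints the version, or returns 1 when
# the device or image does not start with a LUKS header.
luks_version() {
    lv_hex=$(dd if="$1" bs=8 count=1 2>/dev/null | od -An -tx1 | tr -d '[:space:]')
    case "$lv_hex" in
        4c554b53babe0001) echo 1 ;;
        4c554b53babe0002) echo 2 ;;
        *) return 1 ;;
    esac
}

# Print the commands to run as root from a live session. Returns 1 (with a
# hint) when the partition is not a LUKS container.
recovery_plan() {
    if ! rp_ver=$(luks_version "$1"); then
        echo "$1: no LUKS header found; try mounting it directly with -o ro"
        return 1
    fi
    cat <<EOF
# $1 is a LUKS$rp_ver container. From the live session, as root:
# 1. Save the header first; if it is damaged later, the data is unrecoverable.
cryptsetup luksHeaderBackup $1 --header-backup-file /mnt/usb/luks-header.img
# 2. Unlock read-only (prompts for the passphrase chosen at install time).
cryptsetup open --readonly $1 rescue
# 3. Only if the installer put LVM inside the container: activate and list it.
vgchange -ay
lvs
# 4. Mount read-only and copy the data off.
mount -o ro /dev/mapper/rescue /mnt/rescue
EOF
}

# Write a constructed 8-byte sample header (magic + version) for the demo;
# this is not a usable LUKS volume.
make_sample_header() {
    case "$2" in
        1) printf 'LUKS\272\276\000\001' ;;
        2) printf 'LUKS\272\276\000\002' ;;
    esac > "$1"
}

if [ "$#" -gt 0 ]; then
    # Real use: pass the partition, e.g. the second partition of the disk.
    recovery_plan "$1"
else
    # No argument: demonstrate on a constructed sample header.
    demo_img=$(mktemp)
    make_sample_header "$demo_img" 2
    recovery_plan "$demo_img"
    rm -f "$demo_img"
fi
```

Reading a real partition's header requires root; the printed steps are then run by hand so each one can be checked before the next.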

Did I Mention Recovery Is Harder?

Speaking of systems that suddenly screw up, if your entire partition is encrypted you’ll have a harder time running recovery techniques on your system when needed. For example, if your system loses power as it’s installing a newer kernel, and the master boot record or its configuration files become corrupted because of the sudden loss of power, you’ll need to run a recovery disc and enter in commands in the hope that it’ll return to normal.

While recovery alone isn’t the easiest thing to do for Linux novices, doing a recovery on an encrypted Linux system will be even harder, again mainly for the reason that it requires extra steps that cannot be classified as “beginner-friendly”.

Possible Performance Impact

Another item to note is that encryption may not be the best performance option for very low-powered devices. I know, plenty of devices today are definitely powerful enough to deal with encryption with negligible performance impact, but once you start looking at netbooks and older low-power devices, the performance margin suddenly decreases.

As netbooks are already slow enough (generally speaking) while running almost any operating system, you’ll want to try and get more performance out of devices like those rather than bog them down with encryption.

Use Something Better

Last but not least, do you really need to encrypt vital system folders or partitions to protect your data? I’m pretty sure that most common users don’t have an entire hard drive full of data they want to encrypt. Instead of using such a large encryption scope, you can much more easily create TrueCrypt containers and place all of your data in there.

This is beneficial in that it only encrypts what you need to encrypt, it doesn’t make recovery-type actions any harder than they already are, and it doesn’t impact your computer’s performance whenever you don’t have the encrypted container mounted. Simply put, encryption is good, and this is the best way to do it.


As always, what you end up doing is completely up to you. If you feel that you need to encrypt your entire home folder or even your whole partition, go ahead as long as you’re aware of what might be facing you on the other side. However, I still recommend that people who are unsure or are new to Linux should keep their stuff unencrypted and only use a TrueCrypt container if they feel encryption would be helpful.

Did you enable encryption on your Linux partitions? If so, is there anything you’d like to add to this article or dispute? Let us know in the comments!

Image Credits: Hard Disk Repair via Shutterstock, mpolla, Waiting To Connect via Shutterstock, Gustavo Gerent

  1. Common_Sense
    December 30, 2016 at 1:12 am

    This is irresponsible drivel. FDE helps to ensure the integrity of the system as well as protecting the logs and caches you wouldn't think* you'd need to encrypt.

  2. Jacques
    December 28, 2016 at 6:12 am

    Don't agree with you at all. Encrypting a full disk allows you the freedom to store anywhere, and not constantly think about what is and what is not sensitive data. Should anything go wrong, that's why you have backups, right? You do have backups, don't you?

  3. en-su
    November 20, 2016 at 2:48 pm

    I made 16.04 encrypted...whole partition, but have ssd drive. I did not notice any "slow down". Swap is 0. Trim is active. Most of "funky" applications removed include start up applications. It is good to leave one old kernel just in case the new one will experience problem. No automatic updates, no backup. Almost "everything" is managing manual by myself with full control. Cache, maintenance, clean up or remove I'm doing from terminal from time to time. I must admit that about 40% of "funky" applications has been removed from the system and my laptop is still very fast.
    I agree that encryption without as above might make a problems. For me the security and privacy is as FIRST. Today all your activity and data can be "seen by Big Brothers" if you have no encryption. What ever from your personal details will be "taken over" by the will stay in internet forever even after you die.

  4. rana
    July 3, 2016 at 5:08 am

    TY NSA!

  5. Linus
    June 29, 2016 at 4:52 pm

    I would agree with most of that, but you should help readers understand the caveats. For example, if you are carrying around Linux on a USB stick (something very easily left behind or lost), encrypting the entire system would more than make sense. Also, encrypting the system is not necessarily a protection against unauthorized read but also unauthorized write (vis a vis malware, spyware, planting incriminating evidence, etc.).

    • Cruithni
      July 6, 2016 at 3:45 am

      Precisely Linus. If one of the hoard of Pentest malevolents with the integrity of a hungry Anaconda, and they are everywhere, manages to get a ride on SMTP or something, it is far harder for them to really ruin things. They then usually they will then usually throw in a largely harmless DoS attack at you in frustration and you then know you've burleyed up a Twerp somehow. (and I'm convinced 90% of the Shutdowns attributed to Graphic bugs in the Kernel are in fact another type of misanthropic little bug entirely, that have made many peoples lives a misery for years.They turned what once was respect for study and skill, into a psychotic urge to kill.)
      Complete encryption is not so much good for protecting files, which it is peerless for, as it is a simple but effective security measure for inexperienced users, and basically because 95% of the human race are malfunctioning units by design.

      • Cruithni
        July 6, 2016 at 3:49 am

        Sorry really bad typo in there, but you'll still grok the gist I hope. Just as in the real ones, it's a manufactured reason to exist for Grammar Cops :)

      • Dicken Buhtz
        August 14, 2016 at 4:23 am

        100% of the human race, chief. I'm sorry, but neither you, nor any other human being is infallible.

  6. what the crab
    June 28, 2016 at 10:08 am

    "Use something better than full-disk encryption ... like an encrypted container ... (that protects you from absolutely nothing in case your computer is stolen)"

    Thanks NSA!

  7. janny
    January 21, 2016 at 3:44 pm

    +1 for Stefan

  8. karol
    December 26, 2015 at 11:05 pm

    hahahaha, lol, truecrypt:) NSA hi!

  9. Jimbo
    December 26, 2015 at 7:39 pm

    Thanks NSA!

  10. Chris Scott
    November 4, 2015 at 9:15 pm

    The worst piece of advice on the internet!

  11. stefan
    May 10, 2015 at 6:51 am

    Dear Dan,

    I used to have similar opinions about FDE; however, now I've substantially changed my mind.
    I use FDE on my ASUS netbook which serves as file/print server and runs owncloud accessible from anywhere and syncing my devices. Performance impact is negligible, and the only thing I need to do is enter the passphrase once on bootup.

    So what are IMO the pros for FDE?

    - There is something dangerous about the idea of 'just encrypting sensitive data':
    Point is that your system needs to be able to access this data somehow, and unless you do not protect it with an extra password users tend to store sensitive credentials permanently in the unencrypted part of your hard disk. It will be easy to find it there and access all sensitive data.
    - It is somewhat difficult even for me to decide instantly if something is 'sensible' data or not and with FDE I simply do not worry about it.

    One thing though is that it is far more important to think about the data security aspects of a running system than if the system has been powered down.
    I do not power down my laptops often, just put it to sleep mode. Then it is just protected by the main users system password.
    So I assume with special hardware it would be still possible to steal data from the live laptop system.

  12. know one
    January 26, 2015 at 10:29 am

    you can use something compromised like truecrypt!

  13. Ivan
    October 7, 2012 at 7:52 am

    Scenario: Buy new hard drives say six. Even though the reviews for HDD nowadays are terrible seeing as the companies don't seem to care for them anymore. Stick all the stuff that people wouldn't want others to have access to.
    Encryption keys ?, money related documentation, porn, private family/friends pictures/videos/chatlogs/etc., other personal information, work documents, etc.
    Don't bother encrypting it after a week click click click. Return the drive. Oh hey you've just sent someone a hard drive full of everything you didn't want anyone to see. Success!

  14. Michael
    September 30, 2012 at 2:00 am

    You do need to encrypt the entire hard drive, or at least the entire partition, and the reason behind that is the complex amount of logs a computer holds, from /val/logs and /home/user folders to many other places, including time stamps of when every file was accessed and modified on the computer.

  15. Jus0c
    September 22, 2012 at 5:44 pm

    Very good article but I would disagree on the potential for system impact, I've used the LvM2 with AES256 and the performance impact was not noticeable or negligible on a machine with 2GB of ram and an old AMD AthlonXP.

    It makes recovery harder you say, isn't that the whole onus of the idea of using it in the first place?

    However I must rate you on your choice of encryption software being Truecrypt instead of bit locker.

    Bit-Locker might seem really cool but here's the low down for people not in the know, Bit-Locker encryption is pointless because with one or two simple commands anyone can defeat it and retain anything you naively believed it had secured. To obtain the recovery password for volume C: simply issue the following command on any Bit-Locker secured system at the command prompt:

    manage-bde.exe -protectors -get C: -Type recoverypassword

    However I should point out Truecrypt containers can also be broken with a brute force tool called Truecrack but they would have to be able to load a list of passwords on the off chance yours is amongst those in a brute force dictionary file or try to recover the password from a LIVE system using a tool called Memory Dump.

    A choice of encryption with Serpent-AES-Twofish along with SHA512 is ample protection from everybody.

    Although some anti-forensic tools have legitimate purposes, such as overwriting sensitive data that shouldn't fall into the wrong hands, like any tool they can be abused and used as a weapon to invade the end user's privacy. So for the truly paranoid you would also use a whole host of other features like Security Certificates with RSA at around 2048 Bit with SHA512 to secure things like correspondence and email in transit, but in truth how many people actually take the time to do such a thing? Instead nearly the majority of the planet sends all their e-Mail and correspondence in the clear which is almost akin to writing a personal message on a piece of paper, folding it in half, writing the recipient's name on the back and posting it in a post box without an envelope. No one would read it, would they?

  16. Phil
    September 18, 2012 at 10:17 pm

    I think the title of your article is misleading. '4 Reasons Why You Shouldn't' should be '4 Things To Be Mindful Of' this just sounds like you are bashing disk encryption. Data recovery is not difficult on any platform at all. I taught my sixty-five year old mother how to do it in one text from the other side of the planet. I also think that FULL disk encryption should be encouraged with modern day journalling file systems and SSDs. I don't dislike your writing, please just be a bit more thorough.

  17. Aaron Wright
    September 14, 2012 at 7:56 pm

    The data recovery issue is no joke. The reason I am here in the first place is because I am reinstalling linux. After a botched SolusOS install on my netbook, I ended up stuck in the grub rescue prompt. Having no CD drive and no way to boot took me 3 days to figure out anyway. Having it encrypted would have been the last thing I needed.

    I finally got it working though, and have a fresh (unencrypted) install of Mint.

  18. John
    July 24, 2012 at 11:19 am

    So your four reasons are recovery is hard, recovery is hard, it may be slow and containers are better.
    Recovery is hard - yes, but this is assuming you do not have a secure backup. You then say you might not have another computer to put the disk in. At this point if you are not using a LiveCD you have issues anyway. The whole point of encryption is that it is hard to get into.
    Slower - yes. But only fractionally. Not that much depends on disk access unless you are trashing the disk with a database. Other bottlenecks will exist such as bandwidth.
    Containers is an odd choice for better alternative. It is easier for me to run truecrack against a container than trying to crack a disk encryption. But that is back to recovery is hard.

  19. Matthew Bradley
    July 10, 2012 at 3:06 pm

    I use Crunchbang with full disk encryption. It makes everything simpler since the whole disk is done and as such, unlocked with the single entry of a passphrase at boot time. I also allow automatic logon of my user account subsequently, so once the encryption passphrase has been entered at power on, the next thing you know is your desktop is ready. Nice. Crunchbang is lightweight too, so I've not noticed any kind of performance degradation, unlike my works windows laptop which has been practically unusable since the day it got full disk enc.

    Detailed review by me, here

    • Danny Stieben
      July 19, 2012 at 10:16 pm

      Thanks for the link, Matthew!

  20. Ehrich
    May 19, 2012 at 2:08 am

    I get that you're a senior in high school and that you're a bit inexperienced but let me give you some advice:

    If two of your four points are the same point, you don't have four points, you have three. It sounds cute in theory, but in reality it makes you look like you really don't have much to say on the subject and are just bolstering your numbers.

    If one of your three points isn't a reason NOT to use said product but rather your reasoning to use what you think is a solution then you have two points, not three. (You would address TrueCrypt in the conclusion, FYI.)

    Now, let's address why some of us encrypt our entire partitions. If you only encrypt your important stuff, only your important stuff will be encrypted so there is no question what to attack. That's why we encourage using encryption on ALL of your email. Doing so prevents anyone curious from knowing if you're sending pics of your Aunt Edna to your mother or if you're discussing your important business with your mother. By the same token, someone can't tell the difference between newly written sectors due to you updating your system (or browsing cache or a million other mundane things) and newly written sectors due to you writing your secret plans to disk.

  21. Chris Hoffman
    May 19, 2012 at 1:19 am

    Encrypted partitions may not be necessary for everyone, but certainly they're important for people that need better data security.

    An encrypted truecrypt container doesn't prevent people from reading data out of your swap partition, while an encrypted swap partition will.

    I've heard enough stories about employees losing unencrypted laptops containing important data to not want to discourage everyone from using encryption.

  22. Jon O
    May 18, 2012 at 11:27 pm

    While this doesn't directly relate to Linux I thought this story might be of use to some. My mother runs a Tax business where the main PC is a laptop. Obviously this has lots of personal data for many people and would be bad for someone to get ahold of. Now she tries to do the right thing, backups, encrypt data in case of theft/loss. I being the "IT" dept did just that. The machine is a Windows box with Truecrypt running for whole drive encryption. One day she goes to turn the computer on and it just sits there and does nothing. I look at it and find that the MBR and partition table had been corrupted. So pulling the drive and plugging into another system didn't directly do anything. She does her own backups periodically (mon/wed/fri end of day) but being that this happened on an off day (wed) all stuff done the previous day would have been lost. She was out and I was not available immediately for consult so she went to a local place I told her to consult should I be unavailable for any reason (they have people smarter than me just in case). After some work they determined a worst case scenario occurred. Something caused corruption to many areas of the disk. The MBR/partition table, Truecrypt headers both primary and backup, were destroyed. Since then a new solution has been installed whereas the computer does a secured tunnel backups to my personal server which does triplicate mirrors to supplement her own local backups. My main reason for posting this is as I'm sure many of you can see, this scenario could easily happen to a user beginner, advanced, or even some administrators. I hope this helps others in protecting against a disaster scenario. I do realize this is not a typical issue one would run into but alas it is a scenario that does and can happen.
    I highly recommend encryption where it is feasible, I personally run Ubuntu on 2 machines using whole drive encryption with MBR/partition table backups, key header backups, and then in OS backup software doing online backups. Solutions for the paranoid is my motto these days. Anyway sorry for the long post everyone enjoy their day.

  23. Albin
    May 18, 2012 at 1:52 pm

    I like to use Dropbox to keep my netbook in sync with the desktop (and use a different service for file backup/storage as distinct from sync), but had nothing but trouble with synchronizing TrueCrypt containers for confidential data, and gave it up. Instead of synching a changed and closed encrypted container, DB creates "conflicted copies" of it. I'm able to use SyncBack over wi-fi to manage the problem, but don't know of any (free) online sync that handles encryption.

  24. Glyn
    May 17, 2012 at 10:48 pm

    I agree. Even the most sensitive data can be stored in a container. Advantage here is that it is portable and recoverable like any other file. It's what I use at home for work.

    • Danny Stieben
      May 18, 2012 at 7:54 am

      Exactly! It's just easier to manage the encryption and the files within that way, IMO.

  25. John
    May 17, 2012 at 8:57 pm

    A more elegant way to access your files is to boot a Fedora live CD. If the disk is available you will be asked for your password. Also, if you don't want to partition a whole partition you can use Encrypted Virtual File System (EVFS).

    TBH I've never seen so much bad advice in one post as I have seen here. I thought the masters of FUD were m$.

    • Danny Stieben
      May 18, 2012 at 7:53 am

      EVFS? Another Fedora easter egg I never knew about?

  26. Quintes
    May 17, 2012 at 6:22 pm

    Oh my goodness.. my home is encrypted and I have some truecrypt containers on it.

  27. Mark
    May 17, 2012 at 5:31 pm

    Dan -
    I had the nightmare scenario happen to me - installed linux on an older gateway and checked the encrypt box because I was a noob to linux. Then, after 3 months, the power supply checked out. I salvaged the hard drive, but couldn't get to anything I needed. Is there a way to get my stuff back easily that you can point me to? There's nothing super critical on there that I need ASAP, but I would like to get back some stuff that I invested time in...Thanks!

    • Danny Stieben
      May 18, 2012 at 7:52 am

      It depends on what you used to encrypt the hard drive. From what you've told me, the only thing I can recommend is plugging the hard drive into another computer and running a LiveCD on that system to see if you can enter in a password. I'm not quite sure if anyone else would have something to add...

  28. old486whizz
    May 17, 2012 at 4:56 pm

    No GUI for getting data off? I plug in an encrypted drive into my PC and KDE comes up prompting me to enter a password...
    After entering the password, KDE presents me with a mount option and opens it in my file browser.

    Ubuttnu gives me the giggles. People use it and don't actually know what it means when they do these things.
    In other Linux distros, /home is set up as a separate partition by default, and encryption is done under the filesystem level (ie, only using some CPU to encrypt/decrypt - almost no IO overhead).

    Also, your "recovery is harder" is invalid. Encryption is separate to the filesystem layer (or at least it should be), meaning the only problems you have are problems you would have in all other situations. Recovery is the same.

    Look up LUKS and cryptsetup. Yes these are the command-line level I use, but they have GUI tools too.

    • Danny Stieben
      May 18, 2012 at 7:51 am

      If you're in a recovery situation and have no other computers you could use to plug in your hard drive, then there's no GUI. KDE can't help if you can't reach it.

      Additionally, people who blindly check the encryption box and forget about it will be pleasantly surprised when the regular recovery instructions they find happen to fail. While it doesn't make recovery hard for those who know a thing or two about Linux, others won't like the extra steps it will take.

      • old486whizz
        May 18, 2012 at 5:00 pm

        All liveCD/USB solutions use a GUI nowadays (gnome usually).
        Ever since Knoppix we've been able to boot into a GUI to rescue our machines - your argument is moot.

        Along the lines of their instructions, sure. Although with ubuttnu I would assume that someone has written an encryption recovery guide out there for various setups.. But then again, when you have to run a "grubby-install" or "fsck", most people would feel way out of their depth.

  29. Ed
    May 17, 2012 at 4:49 pm

    This sounds like a whole load of nonsense to me. Simply do regular backups of your system and keep the encryption of your file systems for safety.

  30. Sum Yung Gai
    May 17, 2012 at 4:14 pm

    Danny, thank you for your article, even though I disagree with the premise in it. I'd like to provide another view.

    The concerns you raise about recovery are valid. The solution to that is to have something like an encrypted storage volume (e. g. a USB hard disk) that has a backup copy of everything. Given the low cost of high-capacity USB hard disk drives nowadays, there really isn't an excuse anymore like there might've been years ago.

    Now, why should the data be encrypted? Simple: privacy. We as people have a natural right to privacy, be it from thieves, governments, or other prying eyes. You might have something on your computer that might embarrass you later on. You might not. Either way, as long as you're not hurting someone else, it's none of my or anyone else's business--only yours. Today, strong encryption is the best tool to ensure that privacy.

    Furthermore, enterprises have a real need to ensure that data are protected. If a laptop gets stolen or lost, you don't want *anything* to be able to be read and interpreted off of the thing. Typically, enterprises have backups of data stored in locked vaults full of tapes or other backup storage media. Therefore, should a disk drive actually go bad, you don't need to try to read from that hard disk. You just put a new hard disk into the computer, re-image it, and restore the data from the backups.


    • Danny Stieben
      May 18, 2012 at 7:43 am

      As I acknowledged in earlier comments, I see that backups could be helpful in a full reinstallation scenario. I also don't recommend people to not exercise their right for privacy, but I am just trying to make people aware of how they achieve that and what techniques could lead to which consequences. I suppose the title of this article is a little misleading because it is too general. Finally, yes, enterprises have their own needs, but they aren't the target of this article.

      I appreciate your other view, however, as you and others bring up good points. :)

  31. K. Darien Freeheart
    May 17, 2012 at 2:22 pm

    Encryption is not a "beginner" tool set. If you're working with data that is so sensitive it requires encryption, you should not be at the "beginner" level.

    Users are, by far, the weakest part of any security scheme. Until you realize that, your data is horribly insecure. Any person or company who trusts someone with vital data should do as much to educate the user about best practices because it's far more valuable than a complicated and complex encryption system.

    • Dave R
      May 17, 2012 at 4:03 pm

      True enough that encryption is not for "beginners", but there are a lot of people who are not computing professionals but nonetheless need encryption. Healthcare providers, attorneys, law enforcement officers - all deal with very sensitive data, and while they are not "beginners" in their chosen fields, they often use computers at the beginner level. Administering encryption systems is simply not what they're good at.

      For these, home dir encryption strikes a balance, to your second point - it transparently forces the user to make use of the encryption (they would be more likely to ignore or bypass a selective system like Truecrypt) while not requiring too much administrative knowledge.

      Fortunately, when it comes to backup and recovery (probably the only valid concern of the OP), users in these contexts typically have IT departments supporting them who can provide recovery assistance.

    • Danny Stieben
      May 18, 2012 at 7:38 am

      I have to agree with both you and Dave. Both points are valid, so I suppose it's up to the user (or admin) to make the decision of what would be riskier.

  32. Don
    May 17, 2012 at 1:47 pm

    I encrypt the entire home directory and "data" directories, especially on laptops and netbooks. I have not noticed a performance penalty. The only penalty per se is during the initial encryption set-up in which I opt to write random data to the encrypted partition.

    I use external USB hard drives for backup and I encrypt the entire backup drive as well. Every pendrive I have is encrypted... Before getting on the encryption "bandwagon", I had misplaced a pendrive that I keep design work on. I spent the better part of a week worrying about someone accessing my intellectual property. I was relieved to have found the pendrive in the clothes dryer lint trap!

    Since then, anything (computer, pendrive, hard drives) that can be stolen, lost, or misplaced is encrypted. Period.

  33. Matt
    May 15, 2012 at 9:40 am

    In the age of virtually everything being on computer, medical, financial records and alike, Encryption is a must. If not the whole disk then at least /home.

  34. Robert Ruedisueli
    May 15, 2012 at 9:22 am

    I really wish they would create a subdirectory in your home directory called /home/{username}/secure/

    This would make it nice and easy to stick all your encrypted things in one place.

    Additionally, on any program that you want to have its config files encrypted, you can set it to use that as the config directory instead. (Hopefully they can set this up as an easy to set up option as well, on programs that it would be popular to do this.)

    • Rudi Pittman
      May 15, 2012 at 9:38 am

      What prevents you from creating a secure partition and then symbolically linking to it from your home dir to create the secure dir you say you want? Same with config files etc..just repoint them.

      • Danny Stieben
        May 17, 2012 at 11:06 pm

        The only thing that would prevent anyone from doing that is the amount of Linux knowledge they have. While you, Robert, and I would be able to do something like that, other people would refuse to try or some would require a tutorial.

    • Danny Stieben
      May 17, 2012 at 11:05 pm

      That certainly would be a great idea to make encryption of important files easier.

    • Joseph
      May 18, 2012 at 5:46 pm

      Nothing is preventing you - check out encFS.

  35. jackd
    May 15, 2012 at 3:57 am

    ", and the master boot record or its configuration files become corrupted because of the sudden loss of power, you’ll need to run a recovery disc and enter in commands in the hope that it’ll return to normal"

    I may be missing something, but MBR and "boot" partition would never be encrypted, so I don't understand how having some (other) partition(s) or directories encrypted makes this worse.

    For what it's worth, I say anyone who carries around a laptop and does not encrypt their partitions is crazy.

    • Danny Stieben
      May 17, 2012 at 11:04 pm

      That specific example applies to those who use entire disk encryption. It's a lot harder for GRUB to find the Linux kernel (and all other files) that it needs to boot off of if the partition it's located in is encrypted.

      • Joseph
        May 18, 2012 at 5:45 pm

        GRUB can't boot from an encrypted partition so full-disk encryption with GRUB requires an unencrypted boot partition. I believe GRUB2 can though.

  36. Rudi Pittman
    May 15, 2012 at 3:05 am

    You forgot to mention the necessity of running encryption of your home partition on linux laptops to protect your data in the event of theft.

    • Robert Ruedisueli
      May 15, 2012 at 9:28 am

      Anyone who carries around a laptop with unnecessary data on it is crazy IMHO.

      • Rudi Pittman
        May 15, 2012 at 9:35 am

        Some of us actually use our laptops for something besides gaming, web surfing and porn. What's your definition of unnecessary data? If I keep digital copies of documents I might need while travelling such as medical records, passport info etc it's hardly unnecessary but I certainly don't want just anyone having access to the information.

    • Danny Stieben
      May 17, 2012 at 11:01 pm

      Thanks Rudi, but that wasn't the point of the article. Listing reasons why people should use encryption is a whole other topic that requires a separate article or two. Yes, laptops should be more common to have encryption, but my article still applies to make people think about the decision.

  37. Rob
    May 15, 2012 at 2:49 am

    I'm not completely convinced about the 'recovery is harder' argument. The simplest solution is to have a good back up system in place. Period. Whether your system is encrypted or not, you can have data loss with partial or complete drive failure anyway. Yes, you can obviously recover more of your files if the system is not encrypted, but you've already lost if you're trying to recover images and documents off of a corrupted drive anyway. Back it up, simple solution.

    The performance point is okay, but still not really good. Phoronix did calculate performance metrics with and without encryption here: Generally if you're hard core about performance, it's not the hard drive encryption that is going to make or break something, look elsewhere (tmpfs for /tmp or web browser cache, for example). My netbook is over three years old, and runs both XP and Linux just fine with encryption (Truecrypt for XP, dm-crypt for the Linux).

    And using a volume specifically for encrypted files works, and I do encourage that. Really the only flaw is people need to readily think about what they do and don't want in the encrypted volume. Or consider applications that may write things in odd places that should be encrypted. You don't need to worry about that for full disk encryption.

    All in all, props on the article. Though I don't agree with everything, we all do need to encourage people to think about encryption more.

    • Danny Stieben
      May 17, 2012 at 10:59 pm

      Yes, I agree that backup is important. If you simply reinstall the OS and restore from those files, then it should be just fine, I agree. In the article my main focus as far as restoring goes was if some system component started acting funky and causing the system to not boot properly, but I suppose I didn't put enough emphasis on that.

      As for your other two points, you have good support for what you say. I guess we can conclude that there are always pros and cons for encryption.

      Thank you! And yes, I think so too. I didn't write this in a "I'm an expert, so do what I recommend" manner because A) I'm an enthusiast, not a complete expert, and B) the main reason why I wrote this article was to challenge people and make them think about encryption so that they are more conscious of what they're doing. And I think that I'm achieving that.

  38. Dan
    May 14, 2012 at 10:44 pm

    If you're installing Linux on a laptop, then I would strongly suggest encrypting the /home folder (and maybe even /swap if you're paranoid). Data loss is much worse than just losing a physical computer. The thief could gain access to confidential personal data, banking data, passwords, personal medical info, sensitive business and corporate data, "intimate home videos", etc. On a desktop which can be secured in a home or office, encrypting the entire partition may not be as critical; but on a portable device like a laptop it is a must because it is easier to lose, misplace, or be stolen.

    My laptop is Win7 but I encrypted the whole drive using Truecrypt. I also have linux installed in my usb drive if I need it, and yes the /home folder is encrypted.

    • Paul
      May 15, 2012 at 5:22 am

      All this is irrelevant if the person doesn't follow some simple security practices or if the distribution doesn't secure their system. On Ubuntu based systems, even if you've encrypted the home partition, when booting select the Linux in recovery mode, then choose the command line in super user option and one command will change the user password, the unfortunate side effect of Ubuntu trying to make the system more convenient for users by reducing security. Way around it is to encrypt the whole disk or enable the root account with a root password. As for the boot partition becoming corrupted, which is always a risk, make a backup copy of the boot files, this is the easiest solution to deal with this.

      • Danny Stieben
        May 17, 2012 at 10:51 pm

        Since passwords can be changed as you stated, that's why I still believe that using TrueCrypt is better, because if someone does get into your user account by changing the password, they still cannot access the TrueCrypt container.

      • csr
        October 12, 2012 at 10:11 pm

        Wrong. Changing the user password from an admin account will not allow access to an encrypted home directory. You cannot change an encryption key without knowing the previous key. If the admin changes the user password, then the encrypted user home will not be mounted when the user logs in with the new password.
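
The behaviour csr describes, modelled as an added example (not part of the original thread and not Ubuntu's or eCryptfs's own code): the home-directory key is stored wrapped under a key derived from the login password, so replacing the login hash alone does not unlock it. The `Account` class, the function names and the XOR-plus-HMAC wrap are assumptions standing in for the real cipher and file format.

```python
import hashlib, hmac, os

ITERATIONS = 20_000  # constructed value, chosen only to keep the demo fast

def _derive(password: str, salt: bytes) -> bytes:
    """Stretch a password into 64 bytes: 32 for wrapping, 32 for the MAC."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)

def wrap(volume_key: bytes, password: str) -> dict:
    """Toy key wrap (XOR pad + HMAC tag), a stand-in for a real cipher."""
    salt = os.urandom(16)  # fresh salt per wrap, so the pad is never reused
    k = _derive(password, salt)
    ct = bytes(a ^ b for a, b in zip(volume_key, k[:32]))
    return {"salt": salt, "ct": ct, "tag": hmac.new(k[32:], ct, hashlib.sha256).digest()}

def unwrap(blob: dict, password: str):
    """Return the volume key, or None if the password is not the wrapping one."""
    k = _derive(password, blob["salt"])
    tag = hmac.new(k[32:], blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["ct"], k[:32]))

class Account:
    def __init__(self, password: str):
        self.login_salt = os.urandom(16)
        self.set_login(password)
        self.wrapped = wrap(os.urandom(32), password)  # random home-directory key

    def set_login(self, password: str):
        self.login_hash = _derive(password, self.login_salt)

    def login(self, password: str):
        """Return (authenticated, home_key); home_key is None if unwrap fails."""
        ok = hmac.compare_digest(self.login_hash, _derive(password, self.login_salt))
        return ok, (unwrap(self.wrapped, password) if ok else None)

def user_change_password(acct: Account, old: str, new: str) -> bool:
    """The owner knows the old password, so the key can be re-wrapped."""
    key = unwrap(acct.wrapped, old)
    if key is None:
        return False
    acct.wrapped = wrap(key, new)
    acct.set_login(new)
    return True

def admin_reset_password(acct: Account, new: str) -> None:
    """Root replaces only the login hash; the wrapped key is untouched."""
    acct.set_login(new)
```

After `admin_reset_password`, `login` with the new password authenticates but returns no home key, while the old password still unwraps the stored blob.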

    • Danny Stieben
      May 17, 2012 at 10:50 pm

      You have a good point. While I still recommend using something else like TrueCrypt for encrypting "regular" data, I understand what you're saying when it comes to data that is usually stored in hidden folders such as browsing info. However, I see that as the only possible reason to encrypt the home folder as regular data can be encrypted with TrueCrypt and system files shouldn't have a need to be encrypted.

      • Paul
        October 13, 2012 at 6:02 am

        It depends on how paranoid you are, there is a good reason to encrypt system files to protect against off-line tampering such as the installation of keyloggers or malware. It is definitely something the user has to think about and weigh up all the options. In Linux you also have an option, in most distributions, to create a separate home partition, in which, in theory, all the user settings and options as well as program data "should" be saved, if the software developers write their software as they should. I do agree that even if you don't choose this option, as in Ubuntu, creating an encrypted home folder will also deal with that issue. @CSR, thank you for correcting my mistake with regards to the password change as I was unable to find any definite information about it. If anybody is interested and using Linux they should check out "CryptKeeper", which is not cross-platform unfortunately, but it does work very well with cloud storage such as Dropbox.

  39. Free as in Freedom
    May 14, 2012 at 10:36 pm

    If you follow best practices and do regular backups, which can be encrypted themselves, you do not have to worry about these reasons not to encrypt your partitions.

    Also, I'd just like to interject for a moment.
    What you're referring to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.

    Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called “Linux”, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project. There really is a Linux, and these people are using it, but it is just a part of the system they use.

    Linux is the kernel: the program in the system that allocates the machine’s resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called “Linux” distributions are really distributions of GNU/Linux.

    • Dan
      May 14, 2012 at 11:11 pm

      Looks like someone drank Stallman's kool-aid. Unlike you and the FSF, most of us aren't pedantic about it and we prefer to call it Linux for convenience.

      • gamaral
        May 17, 2012 at 2:48 pm

        Sorry Dan, you are not FREE to just call it Linux, you should call it Chrome/DWM/X11/GNU/Linux on Gentoo.

      • Danny Stieben
        May 17, 2012 at 10:46 pm

        I agree. I actually haven't seen anyone calling it GNU/Linux in a while lately.

      • uniwarp
        June 5, 2012 at 4:05 am

        that's the most irrational chain of thought i have seen in a long time... this goes for both you and all the other people who are posting nonsense replies.

        the fact is that linux was built on gnu's tools, that's how it got started and that's how it became popular. now, it's obvious that you haven't looked at a snippet of code throughout your life. if it was any other way, you would have realized that without a stable development platform, it will not be easy for any operating system to attract developers, hence users. which is exactly why calling it GNU+Linux is absolutely necessary, to give credit where credit is due.

        you people are best off reading a book or two on software engineering and operating system architecture. perhaps, it will help you appreciate the work which was done by the FSF. now, go cry in some other remote part of the internet.

        • Moneybags
          August 3, 2012 at 6:18 am

          What is this? The next generation of Linux snobbery? This kind of nonsense is over 10 years old already--I thought the community had finally grown out of these silly debates. You have absolutely zero knowledge about whether or not a person who posts on this site contributes to projects, understands operating system architecture, etc. Aside from debheads who else insists on calling the OS GNU/Linux these days? No one. You should be just as ashamed of yourself as the first person scolding people on not using your preferred label.

        • Danny Stieben
          August 14, 2012 at 6:48 am

          I actually like door number three, where we just call it by the distribution's name. It's not Ubuntu Linux, it's not Ubuntu GNU/Linux, it's just Ubuntu. :)

    • epiquestions
      May 15, 2012 at 1:19 pm

      really? did it make you feel better that you got that off your chest?

    • Danny Stieben
      May 17, 2012 at 10:45 pm

      Through backups, recovery can be easier if you simply restore from the backups in whatever way you wish, but the last two points still apply just as much.

      Thanks for lecturing me about Linux and GNU/Linux; I am well aware of that. While your comment may be an interesting read to those who don't know about it, the majority of users still call it Linux and not GNU/Linux, and we as a site need to use terms that people identify more easily. Linux is, in that case, a better choice for us to use than GNU/Linux.

  40. Truefire_
    May 14, 2012 at 7:40 pm

    I got a laugh out of 'use something better' with a screenshot from Vista :)

    • ypslinux
      May 17, 2012 at 6:45 pm

      Danny, please never discourage people from securing the computing environment. I would suggest that you research and advise people how to recover encrypted filesystems and folders if the primary OS of the computer malfunctioned with encrypted files.

      Privacy is a very serious matter and the Enterprise level is even more serious because there are regulations which require systems to encrypt data at rest and while in motion. Read about PCI/DSS 2.0, which controls credit card processing... ypslinux

      • Danny Stieben
        May 17, 2012 at 10:41 pm


        Thanks for your concern, but I didn't say that they should forget about encryption altogether. I did mention that if they need encryption they should use something else, didn't I?

        Yes, on the Enterprise level things are different, but MUO doesn't cater very much to the Enterprise crowd, especially this article. This is aimed at regular users who are trying Linux and aren't sure what to do as far as encryption goes.

    • Danny Stieben
      May 17, 2012 at 10:40 pm

      Haha the focus was meant to be on TrueCrypt, but I do see your point. :P

    • Joe
      September 17, 2016 at 10:30 pm

      The only thing wrong with this article is that it doesn't have ratings at the top of it... so that I can give it a minus 10 and help other users who run into it not have to read through this... I mean really. Disk encryption has its uses... hardware fault... back up your data. And let's face it, those interested in encrypting their drive would have a copy of the critical data.
