4 Reasons Why You Shouldn’t Encrypt Your Linux Partitions

Popular Linux distributions make it pretty easy to encrypt your home folder or even entire partitions if you’d like, without many issues. This is a great option to have if you need your data encrypted, whether it’s the home folder or entire partitions. In most cases, all you need to do is select a check mark, and it’ll take care of the rest.

But some people select it just because it sounds like a good option to have (and it can be) and they don’t think about what kinds of consequences might result from such a move later on. By now you might be asking, “What? How could encryption possibly be a bad thing?” Well, here’s why.

Recovering Data Is Harder

In the event that something in your system has screwed up, whether it be the operating system or some hardware part other than the hard drive, you’ll more than likely want to get the data off your hard drive and move it to a more practical place. For data that isn’t encrypted, this can be easily done by booting (at the minimum) a Linux LiveCD on any other computer, connecting the hard drive to that computer, and then moving your data. With your data encrypted, it’s not as easy as 1-2-3.

You’ll first have to search for some instructions on how to get past the encryption manually before you can reach your data. I can almost guarantee you that there aren’t any graphical tools that will do this, so people who aren’t comfortable with terminal consoles will have a difficult time.
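
The manual steps referred to above, as an added example that is not part of the original article. It assumes the partition was encrypted with LUKS; the device path, the mapper name `recovered` and the mount point `/mnt/recovery` are placeholders chosen here.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes the partition was
# encrypted with LUKS; device path, mapper name and mount point are placeholders.

# Print "luks1", "luks2" or "none" from the first 8 bytes of a device or image:
# 6 magic bytes "LUKS" 0xBA 0xBE, then a big-endian 16-bit format version.
luks_version() {
    hdr=$(dd if="$1" bs=8 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$hdr" in
        4c554b53babe0001) echo luks1 ;;
        4c554b53babe0002) echo luks2 ;;
        *)                echo none ;;
    esac
}

# Unlock read-only and mount for copying data off (run as root in a live session).
recover_luks() {
    dev=$1
    if [ "$(luks_version "$dev")" = none ]; then
        echo "$dev: no LUKS header found" >&2
        return 1
    fi
    cryptsetup open --readonly "$dev" recovered || return 1  # asks for the passphrase
    mkdir -p /mnt/recovery
    # If the installer placed LVM inside the encrypted volume, this mount fails:
    # run `vgchange -ay` and mount the logical volume it activates instead.
    mount -o ro /dev/mapper/recovered /mnt/recovery
}

# Detach again when done copying.
release_luks() {
    umount /mnt/recovery && cryptsetup close recovered
}

# Constructed sample: a file whose first 8 bytes mimic a LUKS2 header prefix,
# so luks_version can be tried without a real encrypted disk.
make_sample() {
    printf 'LUKS\272\276\000\002' > "$1"
}

tmp=$(mktemp) && make_sample "$tmp" && luks_version "$tmp"   # prints: luks2
rm -f "$tmp"
```

In a live session, call `recover_luks /dev/sdXN` with the real partition in place of the placeholder, copy what you need from `/mnt/recovery`, then call `release_luks`.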

Did I Mention Recovery Is Harder?

Speaking of systems that suddenly screw up, if your entire partition is encrypted you’ll have a harder time running recovery techniques on your system when needed. For example, if your system loses power as it’s installing a newer kernel, and the master boot record or its configuration files become corrupted because of the sudden loss of power, you’ll need to run a recovery disc and enter commands in the hope that it’ll return to normal.

While recovery alone isn’t the easiest thing to do for Linux novices, doing a recovery on an encrypted Linux system will be even harder, again mainly for the reason that it requires extra steps that cannot be classified as “beginner-friendly”.

Possible Performance Impact

Another item to note is that encryption may not be the best performance option for very low-powered devices. I know, plenty of devices today are definitely powerful enough to deal with encryption with negligible performance impact, but once you start looking at netbooks and older low-power devices, the performance margin suddenly decreases.

As netbooks are already slow enough (generally speaking) while running almost any operating system, you’ll want to try to get more performance out of devices like those rather than bog them down with encryption.

Use Something Better

Last but not least, do you really need to encrypt vital system folders or partitions to protect your data? I’m pretty sure that most common users don’t have an entire hard drive full of data they want to encrypt. Instead of using such a large encryption scope, you can much more easily create TrueCrypt containers and place all of your data in there.

This is beneficial in that it only encrypts what you need to encrypt, it doesn’t make recovery-type actions any harder than they already are, and it doesn’t impact your computer’s performance whenever you don’t have the encrypted container mounted. Simply put, encryption is good, and this is the best way to do it.

Conclusion

As always, what you end up doing is completely up to you. If you feel that you need to encrypt your entire home folder or even your whole partition, go ahead as long as you’re aware of what might be facing you on the other side. However, I still recommend that people who are unsure or are new to Linux should keep their stuff unencrypted and only use a TrueCrypt container if they feel encryption would be helpful.

Did you enable encryption on your Linux partitions? If so, is there anything you’d like to add to this article or dispute? Let us know in the comments!

Image Credits: Hard Disk Repair via Shutterstock, mpolla, Waiting To Connect via Shutterstock, Gustavo Gerent

Comments (65)
  • stefan

    Dear Dan,

    I used to have similar opinions about FDE; however, now I’ve substantially changed my mind.
    I use FDE on my ASUS netbook which serves as file/print server and runs owncloud accessible from anywhere and syncing my devices. Performance impact is negligible, and the only thing I need to do is enter the passphrase once on bootup.

    So what are IMO the pros for FDE?

    – There is something dangerous about the idea of ‘just encrypting sensitive data’:
    Point is that your system needs to be able to access this data somehow, and unless you do not protect it with an extra password users tend to store sensitive credentials permanently in the unencrypted part of your hard disk. It will be easy to find it there and access all sensitive data.
    – It is somewhat difficult even for me to decide instantly if something is ‘sensible’ data or not and with FDE I simply do not worry about it.

    One thing though is that it is far more important to think about the data security aspects of a running system than if the system has been powered down.
    I do not power down my laptops often, just put them to sleep mode. Then it is just protected by the main user’s system password.
    So I assume with special hardware it would be still possible to steal data from the live laptop system.

  • know one

    you can use something compromised like truecrypt!

  • Ivan

    Scenario: Buy new hard drives say six. Even though the reviews for HDD nowadays are terrible seeing as the companies don’t seem to care for them anymore. Stick all the stuff that people wouldn’t want others to have access to.
    Encryption keys ?, money related documentation, porn, private family/friends pictures/videos/chatlogs/etc., other personal information, work documents, etc.
    Don’t bother encrypting it after a week click click click. Return the drive. Oh hey you’ve just sent someone a hard drive full of everything you didn’t want anyone to see. Success!

  • Michael

    You do need to encrypt the entire hard drive, or at least the entire partition, and the reason behind that is the complex amount of logs a computer holds, from /val/logs and /home/user folders to many other places, including time stamps of when every file was accessed and modified on the computer.

  • Jus0c

    Very good article but I would disagree on the potential for system impact, I’ve used the LVM2 with AES256 and the performance impact was not noticeable or negligible on a machine with 2GB of RAM and an old AMD AthlonXP.

    It makes recovery harder you say, isn’t that the whole onus of the idea of using it in the first place?

    However I must rate you on your choice of encryption software being Truecrypt instead of bit locker.

    Bit-Locker might seem really cool but here’s the low down for people not in the know, Bit-Locker encryption is pointless because with one or two simple commands anyone can defeat it and retain anything you naively believed it had secured. To obtain the recovery password for volume C: simply issue the following command on any Bit-Locker secured system at the command prompt:

    manage-bde.exe -protectors -get C: -Type recoverypassword

    However I should point out Truecrypt containers can also be broken with a brute force tool called Truecrack but they would have to be able to load a list of passwords on the off chance yours is amongst those in a brute force dictionary file or try to recover the password from a LIVE system using a tool called Memory Dump.

    A choice of encryption with Serpent-AES-Twofish along with SHA512 is ample protection from everybody.

    Although some anti-forensic tools have legitimate purposes, such as overwriting sensitive data that shouldn’t fall into the wrong hands, like any tool they can be abused and used as a weapon to invade the end user’s privacy. So for the truly paranoid you would also use a whole host of other features like Security Certificates with RSA at around 2048 Bit with SHA512 to secure things like correspondence and email in transit, but in truth how many people actually take the time to do such a thing? Instead nearly the majority of the planet sends all their e-mail and correspondence in the clear which is almost akin to writing a personal message on a piece of paper, folding it in half, writing the recipient’s name on the back and posting it in a post box without an envelope. No one would read it, would they?

Affiliate Disclaimer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.