do many people actually encrypt their drives? is there any point?
i use veracrypti doubt it's secure against LE or anything (i just screen lock when i'm out and about, making coldboot or even just driver abuse piss easy), but it gives me enough peace of mind knowing there's some protection over who sees my intimate and/or classified content, mainly burglars and the likeand if LE does get my data, i'll know (the pc will be off, have driver messages, or anything of the sort)right now i'd be more worried about software collecting data (e.g. win10 has permission to copy ALL data on the PC in ANY device to microsoft servers and let them do anything with it, without ever telling you)
>>71389218>is there any point?Seriously, pal?
>>71389218i use encryption on literally everything i canit's basic security 101 nowadays
>>71389218There is no point when using an SSD since the way data is written to an SSD and cached means that unencrypted data is written to portions of the drive that is not encrypted. SSD's have no value whatsoever as encrypted drivesgoogle encryption ssd
>>71389303>>71389318I mean I understand it for the risk of theft but here in Aus we're completely fucked for government/border checks. Every time I go on holiday there's a chance of being randomly chosen to have my devices cloned (go to prison if refuse password) with no warrant or reason. The same government that has had numerous data breaches.
>>71389351>what is encrypted cloud storage>how do i clone and store a device on the internet>I am nuts
>>71389351I am in Aus, and my lappy HDD is encrypted for one reason only. If some shit head meth addict pinches it, then my data is protected and it will frustrate the hell out of him when he cant get on "facey".I dont mind if the man wants to look at my laptop when I am boarding a flight.
>>71389395fair>>71389383no>>71389348I'll read into this but surely the readable data is minimal if its just a temp cache
>>71389348That's only if you allow the drive itself to do the encryption. When the entire device is encrypted in software (i.e. via bitlocker, dm-crypt, etc) the only thing it can cache is encrypted blobs it's been handed by the OS. The whole encryption/decryption process is abstracted away from the actual storage medium. The only thing it should be handling in any way is ciphertext. SSD's builtin hardware crypto is garbage though, most is, even TPMs.
>>71389218I do it on Linux because why not I don't on windows though, since bitlocker is meh and I don't want to use a 3rd party solution.
>>71389395>>71389351How would you encrypt something here in Australia and get away with it?It's 60 grand and 5 years if you don't give up your password. Is there some way you can encrypt something but also be unable to access it with a password so you don't get charged with a crime but are also able to access it afterwards?
>>71389536Just carry your encrypted device up your arse and hope they dont make you shit in a bucket
>>71389536none. claiming to forget details isn't an excuse and you'll still go to prison. they extended it to 5-10 btw
>>71389616What if the device is set to brick itself if a password isn't entered in a certain period of time or if you had some sort of toggle that unless flicked back woupd set it to be locked out once turned on?
>>71389657either would be under intentional evasion/obstruction and you would be charged. guilty until proven innocent
>>71389519i need your help, i am new to linux and use luks to encrypt my external drives can you tell me is it secure enough or any other things i can use
>>71389351I just have a low power home server and connect to it.The fuck is security gonna do about that.
>>71389813So he wasn't joking literally the only way to get electronic information out physically is on a usb up your ass.
>>71389893what about hidden containers using veracrypt? Doesn't that provide plausible deniability, and allows you to avoid detection when it comes to your sensitive files?
>>71389218Yes. If I lose my shit, at least they only get hardware.I give no fuck about feds.
>>71389876It is secure enough
>>71389218I encrypt all my drives, just in case.
>>71389218>is there any point?Yes, if your drive fails and you RMA with warranty/guarantee.Do you really want them to see your gay porn?
>>71389218Mainly for burglar or relative protection. So they'd wipe the drives instead of look into them.Government will just lock you up for contempt or find you after suicide where you had to shoot yourself in the back of the head twice.
>>71389917Can anyone weigh in on this?Is it possible for them to turn up hidden containers? Keep in mind that they do clone the device once you unlock it for them.
All external drives should be encrypted.All laptop drives should be encrypted.All BIOS/Firmware should be password protected.All laptops should have booting from different drives (external or internal) disabled in the BIOS.Not because of the NSA but just to piss off Jamal. If Jamal were aware of the fact that stealing an electronic item isn't worth bothering he wouldn't be doing it.
>>71390191>thinking a chad jamal gives a shit about some whitey's cringe weeb porn
>>71389515fake newseven a fully encrypted SSD will leak data in an unencrypted way
>>71389218>>71389351Plausible deniability mode. Make a 64GB partition with ubuntu and some shitware. As if it's a trashy 64gb ssd inside. Give it a special key to unlock.
If your laptop get stolen they cant do shit unless wiping the drive off
>>71390349Ok, so why not just uefi password? Seems like the same result with no overhead.
>>71390431Because that doesn't protect the hard drive.
Opinions on OPAL 2 drives?I assume they have NSA backdoors but are they still /g/ approved?
Just put your goddamn deviant porn on external storage, geez.
>>71390345I would instead make a Veracrypt container and name it "bluray_rip.iso"
>>71390794>check magic number string of file>know it's definitely not a legitimate isoYeah good one.
>>71389813can't you do 2 level encryption to avoid this punishment? First pw decrypts normie stuff, second secret password decrypts the rest?
Aussies get their PCs screened just because? Good lord, I thought you guys left the "prison colony" days behind.
I do important shit in my Linux laptop which means I have a lot of sensitive information. On an SSD. You'll have to trust the manufacturer in order to properly wipe those. Or you can just use LUKS which means anything written on it (after decryption of course) will be encrypted upon write, which means I won't have to worry about wiping the SSD when eventually I will sell it in the future.
>>71390932Isn't TRIM disabled when using encryption on an SSD though? That's going to reduce lifespan.
>>71389813Have thousand-level decryption, then decrypting takes too long and big bro gives up
>>71390825You could always insist something must have gone wrong in the ripping process, or just play dumb.AFAIK it's impossible to prove it's encrypted rather than just some random bits.
>>71390315>nigger>chadThe cuck exposes himself
>>71390957>Isn't TRIM disabled when using encryption on an SSDI'm not sure but I assume the encryption software will do something similar to TRIM when deleting data rather than zeroing (or even randomizing!) deleted data.That would make far more sense to me since it would be much faster.
>>71391039You wont get the benefit of the doubt and the security clerk will decide if youre being prissy
>>71389218I encrypt everything because in burger land I can.
Why do you guys travel with your cheese pizza ? Why don't just let it home hidden and secure ?
>>71389218Mine's LUKS encrypted with secureboot and BIOS passwords, all different passphrases, and encrypted RAM and swap.>>71389303Has coldboot ever actually been used against anyone? I can't imagine agents bursting into your house with jugs of liquid nitrogen or some shit...
>>71391378The guy who ran the original silk road I think. Some woman distracted him in a cafe and another agent took the laptop before it had a chance to shutdown.
>>71390446>be jamal>steal computer>fuck nigga this uefi password>removes hdd, mounts on his liveboot of kali>[in my best nigger hacker voice] shieeeeeeeeeeeet. im in.
>>71391564They didn't need to, it was wide open, I think he was even logged into the site at the time.
My thinkpad has bios passwords, LUKS-LVM, and i's got a smaller attack vector. If it wasn't for school, I would have sub-400 packages.. But alas, LaTeX and an actual browser.>>71391628Yeah. He didn't even close his laptop.
>>71389218do many people actually lock their front doors? is there any point?
>>71390957Yes, unless LUKS devs have added support for TRIM in the last 9 years. I would think they have by now.
>>71390333>SSD can magically decrypt an encoded data streamNSA should use SSDs to decrypt bitcoins. Just copy that pesky encrypted data into the SSD!
>>71389218basically every storage device i own is encrypted with luks
>>71390957It's not, but it makes deniable encrypton impossible, since SSD will be zeroed selectively.
>>71389218I use Veracrypt to make encrypted containers and partitions. I have a dual 2.5" external enclosure with 500GB drives inside. Both fully encrypted. Holds all my porn. I don't even have anything risky, but if I were to die in an accident or something, I wouldn't want my parents to find out I am into mom-dom hentai. There's also the 100MB encrypted containers I have that hosts a plain text file of every single username/password for every single online service I've ever used, banks included. Definitely wouldn't want that getting out.O. That note, is it possible to burn an encrypted containers to a DVD or Blu-ray?
>>71389351Plausable deniability? Why not just use full disk encryption (as in including the boot sector) after filling the drive with random info and/or using a cheap secondary drive with some bsOS on it to turn in. If they cant see if anything is on the disk or not you can say that its just broken.
>>71390721I doubt a rubber hose attack is within the threat model of someone who just doesnt want their stuff ripped. I these are random checks I doubt they will give enough of a shit or be suspicious enough to try to torture a confession out of him. Its p reasonable that someones drive might just be broken.
>>71389813>>71390846Hidden encrypted partition, perhaps?Machine will always boot into non hidden partition and you sacrifice when you have to surrender your password, actual everything is on hidden partition.
>>71391378Coldboot has never been used IRL.>>71391564Nah. He was running his OS off a thumb drive and the feds had realized that while spying on him. Some undercovers created a distraction and another one grabbed him before he knew he was in danger.>>71389351If I were you I would be buttsmuggling a micro SD with all my important shit on it.
This is why you don't have a gf.
>veracrypt container>download best gay porn u can find>merge your encrypted file container into the gay.mp4 file>default to open .mp4 with VLC just in case>artifacts show up as framesits like u retards arent even trying
>>71392588No. This isn't why. My wife won't let me is why.
>>71392669>tfw the image/video thumbnails show up in the unencrypted cache folder
>>71391122What about steganography? At that point they can claim you're hiding child porn inside your family photos using steganography. Oh, you don't know what that is? Clearly, you're lying through your teeth, into jail with youThat literally breaks the entire concept of law and justice
>>71389616>>71389536What the fuck? How? How you people okay with this??? This is worse than 1984. If I lived there I'd have moved the fuck out just because of that, and I hate moving.
>>71389351Wow. How is Australia any better than North Korea?
>>71389303I completely deny that veracrypt has and currently is saving my ass. LE is on my ass, so just making a case for plausible deniability.As for OP. Yes.
>>71393564>That literally breaks the entire concept of law and justiceThat's the idea, yes.
>>71389536>>71390345veracrypt hidden volume
>>71389218I do accounting for myself, my fiance, my sole proprietorship, collect baby and family photos on my thinkpad, so yeah, I encrypt it with LUKS and a relatively "simple" passphrase about 14-16 characters. Not hiding from the law, or government to any great degree, so mostly just a restriction in case regular thieves get the system when I'm not watching. I have PGP encryption setup with my email clients on my phone and my desktop just in case. Useful enough if I wanna send myself a file easy by email but keep it secure too.
is it possible to make an encryption so insanely long to decrypt even with a key that they would just give up?
>>71389536Use hidden partition feature of veracrypt. No one can find that you encrypted something
>>71395614What would be the point?You would still have to decrypt it at some point and I doubt you have access to something as strong as an NSA supercomputer so if it took years for one of them to decrypt it you would have no chance of decrypting it in this century.