LUKS SDA encryption

Hello,

when installing Zorin OS, I have installed LUKS and the only place where the password is stored is in my head.

However, I am worried that if my laptop is stolen somebody will be able to retrieve the password from the drive to unencrypt it. They can dump the memory of the machine and recover the keys if they want? As the keys are stored on the machine in cleartext?

Is that possible?

Thanks for helping me out!

Warm regards,
Ruth

No, the whole point of full-disk encryption is that someone with physical access to the computer can see nothing except for meaningless, scrambled bits.
Storing the password in clear-text would be like leaving your house keys hanging outside the front door.

If you did your homework and chose a good password with high entropy, trying to guess the password by brute force would take anywhere from a few hundred years upwards to thousands of millions of years.

I would imagine some of the most sophisticated three-letter agencies have the means to reduce this time, or perhaps even have ways to entirely bypass encryption... but if that's who you're worried about you should consult a cryptography expert and not random strangers on the internet :smiley:

1 Like

Thanks for your reply ;)! Appreciate it a lot!

That is exactly what I am worried about.

I am in the offshore finance niche and I would not like the data of clients to get spread all over.

Any idea of where I can consult a cryptography expert or a forum with freelancers on the internet who can help me out?

Thanks so much in advance!

1 Like

I should clarify something I said before.

Encryption algorithms these days are so strong that it is not worth the effort to dedicate resources to break them, but rather try to go for a weaker link in the security chain. The main reasons why people get hacked are human error and social engineering. Other attacks rely on setting up fake wireless access points that are capable of intercepting traffic before it's encrypted, etc.

In other words, you should worry more about how you use your computer rather than the quality of the underlying software. You don't really need a cryptography expert since LUKS already is considered quite a robust solution, and you don't need to implement your own cryptography algorithm.
What I'd recommend instead is reaching out to a cybersecurity firm that can provide the necessary training to handle sensitive data. I'm afraid I don't know of any firms that can provide such training but that shouldn't be too hard to find online.

2 Likes

@zenzen covered this very well and his answer is accurate.

I often advise ordinary home desktop users to not use LUKS because if they lose or forget their password, their data is utterly lost. Even the CIA could not retrieve it.
I usually word it as, "Unless you work for Coca-Cola keeping the secret recipe or the CIA itself, you do not need LUKS. It is overkill."

It sounds like LUKS applies to you.

1 Like

Thanks guys for helping me out and clarifying it more in depth. I am very grateful and thankful!

Have a wonderful day and stay safe ;)!

1 Like