Zorin installed on pc and set up with ubuntu encryption: can it encryption be cracked?

Hello,

I have installed Zorin on my main machine and used Crypt with password. If my laptop gets stolen, can encryption be cracked? Can others find decryption keys?

I used Veracrypt on WIndows before. Is Crypt on Zorin that strong as well?

Thanks for helping me out :)!

This question is a bit harder to answer, given the phrasing.
I often point out to users that are just looking for a little extra security, that they do not need to encrypt the drive unless they work for the CIA or Coca-Cola.
It is far more security than most people need. And can be more trouble than it is worth.

If your notebook computer is stolen while it is Powered Off, then it is quite secure. It would be exceptionally difficult to crack into, if not simply not possible to do so. For most that consider the possibility of theft, then the culprit is likely not a member of a clandestine organization with high level resources in which cases- They simply cannot break the encryption. Most street theft of electronics is not interested in the data, but in the resale value of a wiped drive.
For the average thief, this applies the same way if your notebook is stolen when powered on but in Hibernate.
However, if your notebook is hibernating when it is stolen by a high level and well trained organization, say the FBI, then it is possible to get the decryption out of the RAM. It is less secure in Hibernate.
For the best security, never leave the notebook computer unattended while it is in Sleep or Hibernate and powered on if you fear decryption.
When it is attended and during use; handcuffing it to your wrist may be the best bet.

1 Like

The likelihood of a random thief guessing your password is certainly pretty low. Someone more knowledgable might be able to run an automated script to try and guess passwords for any period of time and see if there's any luck.

If you see this from the thief's perspective, what are the chances that a random stolen laptop contains any meaningful information that makes this effort worth it? But then again, how many laptops are actually encrypted (even when it's relatively easy to do) ... it might tip off to the thief that it might be worth a try.

Regardless, I'll state the obvious: your computer is only as secure as the keys used for encryption. This is true for any operating system, so make sure to always use strong passwords.

This may apply to Root Password, but does not actually apply to the question asked by the O.P. which deals with LUKS AES-256 Encryption.
That is a hash, not something that can be guessed.

1 Like

Just FYI: This is not just CIA or The Coca-Cola company.

Full-disk encryption is a required security standard to be used on majority of hardware in majority of standard companies today.

So users, who use their devices for professional/daily job use will have a full disk encryption of some sort, and this includes Linux too.

Actually, we agree. From my perspective, I often see questions regarding Full-Disk Encryption from users that are not working for a company (Or the CIA) that requires it; they just want a little extra feeling of security. Since this is the most common scenario I see, this is where my brain defaults to.
Most Computers provided by companies have that security handled by that company and that computer is using Windows.

For the home Linux user; they really do not need full-disk encryption and for them, it is often more trouble than it is worth. It is far more security than they need.

You can see why a company may want that security- a company notebook may contain customers billing information, for example.
This information is also securely available from a variety of sources - so losing access on that one notebook is no big deal.

But for the home user, that kind of security can actually lock them out of their own personal data, making a lot of personal files irretrievable (as they may not have multiple up to date back ups) and it was usually not necessary for them to have that kind of intense security. Some home users may well need or want that security - should they be an inventor or uhhh... a home movie star or something... And even then, using encryption on the individual sensitive files would probably be a preferable approach (or on one directory used as a Vault), than in encrypting the entire disk, including your Grub Configuration file.
As long as they are informed and cautious in their decision and approach, it should be fine.

TBH: let's say that I do am scared from the FBI and CIA.
Which drive encryption should I look in to? What can not be cracked?

I am kind of a security and anonymity freak so very interesting in learning as well.

Thanks for helping me out!

There is no encryption that cannot be cracked.
The AES-256 Encryption used in LUKS is about as near to it as you can get.

There really are two basic things to consider: Cracking an encryption or working around the encryption to bypass it.
Cracking 256 encryption, currently, would require a series of supercomputers employing a brute-force attack that would take more time than you or your curious onlooker have time to be alive. So, any person that wants to get past your LUKS encryption would be far better served to bypass the encryption than to try breaking in.

When Quantum Computers are developed, even 256 encryption can become far more breakable. But we are not there, yet. And the FBI and CIA do not have Quantum Computers, either.
The weakest link in your computer security is when it is powered on and logged in.

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.