Offer Full Disk Encryption Option with LMDE just like in regular Linux Mint.

RytronII
  3 years ago
  3
  Considered

Hi LMC.

I think it'd be a good idea for there to be an option at installation of Full Disk Encryption with LMDE just like there is in the regular Ubuntu-based Linux Mint.

Cheers.
Latest comments
RytronII 3 years ago

@xenopeek Thanks.


xenopeek 3 years ago

Duplicate of http://community.linuxmint.com/idea/view/5994


RytronII 3 years ago

@MagicMint ...or security. (-;

@Hammer459 Fair enough. (-:

@quake0 WTF?


quake0 3 years ago

Great idea. Just because your paranoid, does not mean they are not after me.


Hammer459 3 years ago

@RytronII I have never said "don't use it" just why I see no value in investing time in making it a default option in the installer. And I am kinda paranoid :-)


MagicMint 3 years ago

While encryption is just about personal needs, fear, or paranoia, nothing speaks against that option at install time — except that this is one of the good things Ubuntu added to vanilla Debian. You shouldn’t wonder when the LMDE installer comes more frugal than Ubiquity…


RytronII 3 years ago

@Rebel450
Why would I want to switch to Cinnamon? I never liked it. I use LM 17.2 MATE.

@Hammer459
Thanks for the info. I will still stay with LUKS though.


Hammer459 3 years ago

@RytronII The only security improvement you will see is if data-pertitions are encrypted. The path /usr contains static information such as the binaries you are running. Encrypting the binaries does not make your system more secure. Theoretically it could make it less secure since you could potentially use "known" files to reverse engineer your encryption key. What is a given is that every time you start or resume an application the binary must be decrypted as it is read. That may not be a massive load, but decrypt the megabytes in Office or FF a few times and it does add up. Without adding security.
Thus, encryption of /home, /opt and /var vill give security improvement the rest pretty much no difference.
And as @Rebel450 points out, LMDE is tergetting the advanced user and spending resources on this kind of low value feature is, IMHO, not in the scope of LMDE development.


Rebel450 3 years ago

It is not only that LMDE is just based on Debian.
Linux Mint made it very clear:
".... for the experienced user....."
This is no offence, but I suggest you to switch to Cinnamon better.
KIND regards


RytronII 3 years ago

@Hammer459

Could you clarify what you mean by "to decrypt the office binary". Also please clarify "encryption data and log" -- how does this differ from LUKS?

As I said I use full disk encryption with LUKS and my system is not noticeably slowed down -- it runs great -- sure if someone had a very low spec machine then I can see full disk encryption being an slowdown issue.

Why do you say full disk encryption brings no security improvement?


Hammer459 3 years ago

It is a matter of resources. Mint has a very small team and full disk encryption is not a high importance issue IMHO, especially in the "techie" version. And It does slow the machine down to decrypt the office binary while not bringing any security improvement. Encrypting data and log does improve security while having almost zero performance impact.


RytronII 3 years ago

Hi Hammer459.

I know LMDE is based on Debian and LM is based on Ubuntu. Just because LMDE is aimed at more advanced users doesn't mean it can't be a bit more user friendly. People are not necessarily paranoid just because they choose to use full disk encryption -- just being security conscious. I run full disk encryption on LM17 and my PC runs fine -- no slowness.


Hammer459 3 years ago

LMDE is not based on the same as Mint 17.2
LMDE is also aimed at the more advanced user.
Full disk encryption is rarely, if ever, meaningful and will make your computer slower and thus if you absolutely want it you figure it out if you use LMDE. encryption of /home and /opt is plenty add /var and even the most paranoid is covered