How important is disk encryption?

How important is disk encryption if my desktop PC is physically secure?

The main threat disk encryption helps against is physical access, so if that’s not a problem then you don’t have to encrypt your disk.

Disk encryption is extremely important in some contexts (theft, seizure, or any scenario where an untrusted person might have physical access to the device). If these threats are not a factor for you, or if you have other means to reach an equal or greater level of physical security, disk encryption may not be as important for you.

It also depends on your threat model. As an example, encryption may be stronger protection against legal threats or motivated attackers than any amount of (reasonable) physical security. A locked drawer might thwart the casually curious or a crime of opportunity, but a locked drawer or door or even a safe may not be enough to protect against motivated criminals or law enforcement.

1 Like

I would never keep such sensitive information that could attract law enforcement or motivated attackers on my PC.

Anything that’s very sensitive is kept strictly on my GrapheneOS phones and on nothing else.

So I guess there is no good reason to use full disk encryption for my PC.

1 Like

I was wondering if there is some good reason not to. As I see it, it should be a standard procedure; there is no harm in having it on by default, or am I missing any downside?

No harm other than performance/inconvenience of having to put in your password to unlock the disk. And of course if you get locked out of it for some reason your data is basically gone.

  1. Much higher chance of losing data.
  2. One more passphrase to remember.
  3. Typing it every time.
  4. It impacts performance a little bit.

Realistically the performance hit is going to be so small you won’t notice it.

You should have a modern SSD/NVMe though, and anything else is a pretty crappy experience for a boot disk, encrypted or not. As for standard procedure, well, iOS/Android have it enabled by default and Windows Professional copies will encourage you to do it.

2 Likes

In my opinion there isn’t a good reason not to and it should be a standard practice.

Disk encryption and backups are two areas I think the tech (specifically PC) industry has really fallen short. These should both be considered standard practices and made dead simple to the average end user.

It's true this is a real risk with encryption, but it doesn’t have to be a big risk. Mobile devices (both iOS and Android) are good examples of how average non-techie people can have the benefits of encryption without excessive risk/downsides when encryption is the default and enabled by design.

Often this is the case but it is not necessary.

There are various possible methods of passwordless authentication you can use for disk encryption or login, but even if you do use a password, it could be the same password you use to log in (both passwords are for use offline only and both for the same device, so the added risk of ‘reusing’ the password in this specific context is lower than it would be in other contexts; for many threat models, I think it is safe enough to use a single password for login and disk unlocking, but that is a decision for each person to make individually).

Not necessary. (I have a Linux laptop, a MacBook Air, an iPhone, and an Android phone; none of my devices require me to input two passwords.) With Linux I enabled this behavior manually; with the other 3 it was the default behavior.

True, but in most cases it is not a perceptible or substantial difference.

1 Like

Disk encryption additionally protects your data when you dispose of or sell a device. Otherwise your only option with an SSD would be to physically destroy it, since you can’t reliably guarantee unencrypted data is deleted the way you could by overwriting an HDD.

2 Likes

On modern flash storage SSD/NVMes there usually is a “secure ATA erase” command, which flips all the bits to 0, which we mention here: Erasing Data Securely From Your SSD or HDD - Privacy Guides.

Most BIOS menus also have an option to do it, at least on my computers they do.

You can’t be sure that Secure Erase actually erases an SSD, unless the drive uses hardware encryption (in which case the ATA Secure Erase mechanism simply deletes the encryption key), because overwriting with all zeros is unreliable on flash storage for a variety of reasons.

Most SSDs are transparently self-encrypting drives nowadays though, which is why the Secure Erase function is basically instant. However, you then run into the issue of not knowing what encryption scheme your SSD implements, and how it generates its keys. It’s possible that your SSD has weak encryption (like if it uses ECB), and it’s also possible that its random number generator is weak and the keys that it’s using could be easily discovered. In either case, there’s really no way for you to test your SSD and discover these facts for yourself, so you’re basically crossing your fingers.

Thus you should really be using an additional layer of software-level drive encryption, where you can verify all of these things are adequately secure. That way when you delete the key, you know your data is unrecoverable.

This is also why we mention physical destruction may be necessary with flash storage devices, although this wording could probably be made more clear.

2 Likes
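The ECB concern raised in the post above, shown as an added example that is not part of any post in this thread. It assumes a toy Feistel cipher built from HMAC-SHA256 as a stand-in for AES (standard library only) and a heavily simplified position-dependent mode standing in for XTS; the key, disk contents and function names are constructed.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 16  # bytes per cipher block

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    # 4-round Feistel network: a stand-in for AES, NOT a real cipher.
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:BLOCK // 2]
        left, right = right, xor(left, f)
    return left + right

def encrypt_ecb(key: bytes, data: bytes) -> bytes:
    # ECB: every block is encrypted independently under the same key.
    return b"".join(toy_encrypt_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

def encrypt_tweaked(key: bytes, data: bytes) -> bytes:
    # Position-dependent mode (the idea behind XTS, simplified): a mask
    # derived from the block index is XORed in before and after the cipher.
    out = []
    for idx in range(len(data) // BLOCK):
        mask = hmac.new(key, b"tweak" + idx.to_bytes(8, "big"), hashlib.sha256).digest()[:BLOCK]
        block = data[idx * BLOCK:(idx + 1) * BLOCK]
        out.append(xor(toy_encrypt_block(key, xor(block, mask)), mask))
    return b"".join(out)

def repeated_blocks(ciphertext: bytes) -> int:
    # Number of ciphertext blocks that are exact copies of an earlier block.
    counts = Counter(ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK))
    return sum(n - 1 for n in counts.values())

# Constructed "disk": 6 zeroed blocks, 2 distinct records, 2 copies of one record.
KEY = b"constructed demo key"
DISK = (b"\x00" * BLOCK * 6 + b"secret record #1" + b"secret record #2"
        + b"same same same!!" * 2)

if __name__ == "__main__":
    print("ECB repeats:    ", repeated_blocks(encrypt_ecb(KEY, DISK)))
    print("tweaked repeats:", repeated_blocks(encrypt_tweaked(KEY, DISK)))
```

Under ECB, equal plaintext blocks (zeroed space, duplicated records) remain visibly equal in the ciphertext, so the layout of the data leaks without the key; a mode that mixes in the block position removes that pattern.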

That’s true enough I guess.

Jonah is right here. This is a major issue and downside to SSDs. Not sure I follow the part about the ECB but wouldn’t compare it.

1 Like