I’ve enabled full hard drive encryption on all of my devices. The only exception
is my homeserver (mainly running Nextcloud), where all of my personal data is
stored. I’m the only user and have chosen a very strong root- and user password.
From what I’ve researched, the only person who can see my data physically is the
super user (aka. me), but if someone else doesn’t have the password, they can’t
read anything critical and my personal data are safe from the eyes of others.
Is that correct? If it is, why does LUKS exist?
Except when your drive is encrypted you can easily destroy its contents. Let’s say you’re DorkPirate1337 who happens to care about their opsec; you luksEncrypt your drive and have a simple script that runs when a specific USB key is disconnected, triggers luksErase, and then poweroffs. Voila, when the school principal snatches your unlocked laptop while you’re in the lib, all your pirated hentai becomes permanently unaccessible whether you give up the password or not. [Edit: the USB key is strapped to your wrist]
Note: luks uses 2 encryption keys, where one is randomly generated and encrypts the actual data, and the second one is given by the user and encrypts the first one; luksErase destroys the luks header containing that first key
Except when your drive is encrypted you can easily destroy its contents. Let’s say you’re DorkPirate1337 who happens to care about their opsec; you
luksEncryptyour drive and have a simple script that runs when a specific USB key is disconnected, triggersluksErase, and thenpoweroffs. Voila, when the school principal snatches your unlocked laptop while you’re in the lib, all your pirated hentai becomes permanently unaccessible whether you give up the password or not. [Edit: the USB key is strapped to your wrist]Note: luks uses 2 encryption keys, where one is randomly generated and encrypts the actual data, and the second one is given by the user and encrypts the first one;
luksErasedestroys the luks header containing that first key