[kwlug-disc] Why Encrypt? [Was: Re: OT - degauss/wipe a dead hard drive/LTO tapes]

Chris Irwin chris at chrisirwin.ca
Mon May 3 16:25:18 EDT 2010 

On Mon, May 3, 2010 at 15:46, unsolicited <unsolicited at swiz.ca> wrote:
> So why bother encrypting?
> - surely no significant financial loss would be incurred by most in a worst
> case scenario.

Who knows. I've got my bank passwords stored on my machine. I've got
every password I ever use stored on the machine, actually.

Also, please define significant. My definition would be >$0 (not
counting the hardware itself -- encryption doesn't solve that
problem).

> - it's a PITA.

ecryptfs decrypts based on your regular login passphrase. It is no
more a PITA than logging in usually is. Other methods can be more
invasive, though also potentially more secure. Passphrase + One-Time
use RSA ID to decrypt and boot? Pretty secure, unless you keep the RSA
fob with the laptop.

> - just how likely is it that someone breaking in (non-laptop) is hunting?
> - just how likely is it that that lost/stolen laptop doesn't just have its
> drive reformatted?
> - just how likely are the worst case scenarios, anyways?

I don't want to play "likely". In the unlikely case that somebody did
want to snoop at my drive, it is also unlikely they will get past the
encryption. Nothing is impossible, but pretty narrow odds. I could go
more secure, but that also gets more invasive. I think I've hit a nice
balance.

Do you lock the doors on your car? your house? How likely is it that
somebody would just walk up and in? Do you shred your
statements/records/etc? How likely is it that somebody wants those?

> Now if you're keeping credit card data around, etc., OK. You have a duty.
> But I doubt that's frequently the case.

I purchase stuff online. My credit card data is probably in my firefox
cache. I have an account file with banking and paypal info. email
passwords. GPG keys. SSH keys. Everything needed to access and control
everything I do online is there. Why risk it?

> So, to the list, why bother encrypting?

I am confident that nobody will ever be looking at my data. There is a
marginal CPU/processing overhead, and zero workflow changes required.
So the better question is: Why not use encryption?

-- 
Chris Irwin
<chris at chrisirwin.ca>

More information about the kwlug-disc mailing list