Latest LQ Deal: Linux Power User Bundle
Go Back > Forums > Non-*NIX Forums > General
User Name
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!


  Search this Thread
Old 06-05-2017, 12:37 AM   #1
LQ Newbie
Registered: May 2017
Location: SouthEast USA
Distribution: Ubuntu 16.04 LTS
Posts: 16

Rep: Reputation: Disabled
Encryption for Newbies

Can Linux encrypt all data to prevent Governmental abuse? If so how is this implemented?

thank you
Old 06-05-2017, 01:14 AM   #2
Senior Member
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 18.2 MATE
Posts: 3,491
Blog Entries: 2

Rep: Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196
Yes, and there are many ways of doing this.

This sort of generic question is best answered by searching on the internet for e.g. Linux encryption - there are a plethora of articles out there on the subject.
Old 06-05-2017, 01:29 AM   #3
Senior Member
Registered: Mar 2012
Posts: 1,487

Rep: Reputation: 390Reputation: 390Reputation: 390Reputation: 390
There is also a distinct possibility that your data will be kept safe even from yourself...
Old 06-05-2017, 03:06 AM   #4
Senior Member
Registered: Apr 2005
Distribution: Ubuntu, Devuan, OpenBSD
Posts: 2,372
Blog Entries: 3

Rep: Reputation: 1049Reputation: 1049Reputation: 1049Reputation: 1049Reputation: 1049Reputation: 1049Reputation: 1049Reputation: 1049
You can raise the bar a little but consensus seems to be that you won't be able to keep out the major state-level threats with just your laptop, especially if they gain physical access. Minor threats are surmountable though, to a certain extent, both corporate and governmental.

If you are still interested you can encrypt whole drives as well as home directories. The details of how vary from distro to distro even if the underlying programs and methods are mostly the same. That will protect your data if the machine is stolen or if you have to send an old drive off to recycling. However, as pointed out, you risk keeping the data safe even from yourself. All it takes is a bit to flip in the wrong place and you're out. Apparently the chances of any part of the drive experiencing such an even is quite high for SSDs, even the expensive ones. So if you go the encrypted drive or home directory route, get quite religious about backups and do at least an incremental backup at least once a day.

Then there is the encryption of your connections. HTTPS is merely a symbolic statement that you'd prefer people not to read the traffic. The problem is not so much with TLS itself but with the way certificates are distributed and blindly trusted. So you'll want a VPN, but most, even OpenVPN which is ahead of the others, lag in available encryption algorithms. You could use SSH as a VPN but even then, once the HTTPS traffic comes out of the end point the caveat about HTTPS still applies. (If it's a web mail UI, it's not secureable.)

About e-mail, even using OpenPGP, all the metadata is available unencrypted.
Old 06-05-2017, 07:39 AM   #5
Registered: Mar 2011
Location: Sutton, MA. USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu
Posts: 5,610
Blog Entries: 12

Rep: Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962
Moved: This thread is more suitable in General and has been moved accordingly to help your thread/question get the exposure it deserves.
Old 06-05-2017, 11:03 AM   #6
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,455
Blog Entries: 4

Rep: Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918
Encryption should not be thought of as a way to "prevent Governments." They have unlimited resources, unlimited secrecy(?), and privileged access to the Internet.

Instead, encryption is there because, as Phil Zimmerman (the author of PGP®) put it: "It's personal, it's private, and it's nobody's business but yours."

(But also, today: because you expect to be able to type-in a credit card number to a web site, without fear of that number being "effortlessly stolen.")

Modern encryption methods give you three distinct assurances, if used properly:
  1. Confidentiality: If you wish, your message will be enciphered so that only its intended recipient(s) can read it. (But, if you actually don't care about confidentiality, you can still have the other two assurances!)
  2. Provenance: You can be confident that the message did come from its stated sender.
  3. Message Integrity: The message that you received is, "bit for bit," exactly the message that was sent.
Like all other operating systems, Linux implements several industry-standard encryption suites, including: TLS/SSL (the security behind "https:" web pages), OpenSSL, OpenSSH, OpenVPN, S/MIME e-mail security, and GPG (which is compatible with the proprietary PGP®). Furthermore, it does it using exactly the same open-source, peer-reviewed software stacks that everyone else does. This is important.

Each of these suites does much more than to simply provide access to "a modern cipher." Instead, they undertake to provide "Soup to Nuts!" Key-management ... cryptographically secure random-number algorithms ... defenses against attacks concocted by "white-hat peer reviewers ... all of these considerations have been addressed for you, by qualified experts.

... and, "are they different, from any one operating-system to another?" Absolutely not!

- - -
A fundamental and critical aspect of any security arrangement that is worth trusting is that there is no "security through obscurity," Every aspect of the pipeline, including any and all ciphers that may be used, is publicly known, open source, and peer-reviewed. It is known that the security of the message lies in exactly one thing: "the key."

All of the systems previously mentioned are built this way.

But, you must use them "in the right way." For instance, do not use "passwords" or "pre-shared keys (PSKs)." Use one-of-a-kind digital certificates, uniquely issued to each and every recipient. Used properly, an encryption system will provide "bulletproof security" that is convenient(!) for its authorized users and (fairly) easy to manage.

- - -
If our tax dollars are being used wisely , then "government agencies with three-letter acronyms" will still possess the ability to decrypt things that you-or-I can't. (While you are rotting in jail for refusing to obey a Search Warrant issued by the Court.) But they also are tasked with contributing their expertise to the development and analysis and peer-review of "civilian-grade" cryptosystems ... because that, too, is part of their Mission to the public.

Last edited by sundialsvcs; 06-05-2017 at 05:35 PM.
Old 06-08-2017, 04:06 PM   #7
Registered: Jun 2012
Location: Lawrence, KS
Distribution: Mostly CentOS
Posts: 71
Blog Entries: 31

Rep: Reputation: Disabled
Didn't we already have this conversation?
Old 06-08-2017, 07:57 PM   #8
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,455
Blog Entries: 4

Rep: Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918
Originally Posted by vmccord View Post
Didn't we already have this conversation?
Yes, it comes up pretty regularly. It's an "Energizer® Bunny" topic, but still an important one. There are a lot of misconceptions about encryption. It's not the stuff of "secret agents" and of "guv'mint cryptographers." Certainly not anymore.

Last edited by sundialsvcs; 06-08-2017 at 07:58 PM.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to have luks encryption with keyfile OR passphrase (efi full disk encryption including boot)? byroncollege Linux - Security 2 03-30-2017 07:45 AM
[SOLVED] Non-system partition encryption versus container-file encryption of equal size Ulysses_ Linux - Security 13 07-17-2015 07:38 PM
[SOLVED] Where can I find a newbies guide to XFCE or is XFCE not for newbies? Robert.Thompson Slackware 5 03-07-2011 10:27 AM
Linux password encryption and data encryption Tux-Slack Programming 4 06-20-2007 06:46 AM
Mandrake 9.0 Wireless Works without encryption.. does not with encryption topcat Linux - Wireless Networking 3 05-04-2003 08:47 PM > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 11:47 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration