Fellow selfhoster, do you encrypt your drives where you put data to avoid privacy problems in case of theft? If yes, how? How much does that impact performances? I selfhost (amongst other services) NextCloud where I keep my pictures, medical staff, …in short, private stuff and I know that it’s pretty difficult that a thief would steal my server, buuut, you never know! 🤷🏻♂️
This shouldn’t even be a question lol. Even if you aren’t worried about theft, encryption has a nice bonus: you don’t have to worry about secure erasing your drives when you want to get rid of them. I mean, sure it’s not that big of a deal to wipe a drive, but sometimes you’re unable to do so - for instance, the drive could fail and you may not be able to do the wipe. So you end up getting rid of the drive as-is, but an opportunist could get a hold of that drive and attempt to repair it and recover your data. Or maybe the drive fails, but it’s still under warranty and you want to RMA it - with encryption on, you don’t have to worry about some random accessing your data.
Dude just use a hammer
I used to until I realized that I’ve got bigger threats to worry about.
And like someone else mentioned, if I have to do data recovery for some unknown reason I want to make sure the data’s not encrypted.
Why? If you store the key in your password manager shouldn’t be a problem to mount the drive on another PC, decrypt it and save data. Or am I missing something?
Recovering data from a corrupted, encrypted drive is way trickier than from a simply corrupted drive, I imagine.
Why? What would be the problem?
P.s. Why did you link to the Anti Commercial-AI license?
Why? What would be the problem?
On linux, you’re probably using LUKS. That has a header with the keys at the beginning of each encrypted volume. If those keys (or key if you only have one) is corrupted and you don’t have a backup of that, you’re fucked.
The next problem is that data recovery tools mostly don’t support decryption. They scan regions or the entire drive for recognizable things like partition headers, partition tables, file types, etc. if those are encrypted, well…
If you are able to decrypt a partition, then it might work as it will show up like any other device in
/dev/mapper/and you could dorecovery /dev/mapper/HDD. However, I have no idea what data corruption does to encryption algorithms. If one part of what is being decrypted is faulty, what does that do to the entire thing?
This mostly comes from a lack of knowledge on my part. IIRC encryption depends on hashsums -> if you change what’s being decrypted/encrypted, the entire hashsum is incorrect and thus all the data shouldn’t be able to be decrypted. But I might be wrong - I’ll gladly be wrong on this.
Yes of course, with dm-crypt (luks), very little as AES-NI is incredibly fast.
Nope. This isn’t part of my threat model.
I don’t have sensitive data and stealing a drive would be inconvenient for a thief.
You don’t have sensitive data? Would you mind expanding on that a bit for me? Just curious how you like, live, and stuff.
I’m surprized as well, like I guess I would understand if it’s a no log DNS server but, what else wouldn’t have sensitive information.
My Music, Movies and Shows, I dont consider them private/sensitive, as they aren’t illegal to possess or even download in my country. I would even donate my filled but corrupted drive to a repair guy, he can have the media if he can repair it.
Plex data, pi hole, and home assistant don’t contain anything meaningful. No credentials are stored in a form that can be reused.
The most sensitive is immich, which I’m more concerned about backups than I am someone might steal my nudes. Their online anyway.
Email is hosted off-site and I still have physical files for a lot of my documents. If someone stole hdds out of my server, they’d get a lot of Linux isos, pictures of cars, porn, tons of versioned software and games installers, etc.
Maybe my definition of sensitive is different than yours though.
No. I run my servers on low quality shit and I expect them to break any time. Never had to perform a data recovery but if I need, I’ll thank myself I didn’t encrypt my pics
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters DNS Domain Name Service/System LVM (Linux) Logical Volume Manager for filesystem mapping MQTT Message Queue Telemetry Transport point-to-point networking NAS Network-Attached Storage NFS Network File System, a Unix-based file-sharing protocol known for performance and efficiency Plex Brand of media server package SATA Serial AT Attachment interface for mass storage SSD Solid State Drive mass storage SSH Secure Shell for remote terminal access VPS Virtual Private Server (opposed to shared hosting) ZFS Solaris/Linux filesystem focusing on data integrity Zigbee Wireless mesh network for low-power devices
12 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.
[Thread #686 for this sub, first seen 17th Apr 2024, 08:25] [FAQ] [Full list] [Contact] [Source code]
I want to, but haven’t found the time to make a strategy on how to move over the data. It would take a bunch of shuffling as all drives are in use. The next problem is decrypting at boot and securely storing the decryption key - if I choose to use a decryption key at all. Maybe it’ll be a usb key that I have to plug into the server when starting it, or I have to setup decryption of the system over SSH, but that means automated restarts are… difficult.
Not sure how to tackle the problem yet…
I use separate disks for data storage and my OS. That way a headless system can boot and all the services like SSH can become available, and I can decrypt the data drives remotely.
When there’s an unexpected reboot I can still get into my system and decrypt remotely which is nice. I can also move the data storage disks to another system without too much hassle.
I did have to make sure some services were fault tolerant if an encrypted volume was unavailable when the OS booted. An example of this might be torrenting software, I needed to make sure the temporary storage was on an encrypted volume. The software had a sane fault mode when the final storage location was unavailable, but freaked out for some reason when the temp storage was missing.
Once set up the whole thing is pretty easy to manage.
I did have to make sure some services were fault tolerant if an encrypted volume was unavailable when the OS booted
How did you achieve that? systemd dependency?
I’m pretty sure I didn’t mess with systemd, though that would probably be the right way to handle it.
I was able to update a runtime config so if any storage wasn’t available it just halted the service. Then I created a short script I’d invoke manually which decrypted the luks drives and brought the dependent services up. I also added monitoring to alert me when the drives weren’t available for whatever reason.
