this post was submitted on 16 Apr 2024
89 points (96.8% liked)

Selfhosted

40133 readers
534 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Fellow selfhoster, do you encrypt your drives where you put data to avoid privacy problems in case of theft? If yes, how? How much does that impact performances? I selfhost (amongst other services) NextCloud where I keep my pictures, medical staff, ...in short, private stuff and I know that it's pretty difficult that a thief would steal my server, buuut, you never know! 🤷🏻‍♂️

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 13 points 7 months ago (1 children)

I used to until I realized that I’ve got bigger threats to worry about.

And like someone else mentioned, if I have to do data recovery for some unknown reason I want to make sure the data’s not encrypted.

[–] [email protected] 0 points 6 months ago (1 children)

Why? If you store the key in your password manager shouldn't be a problem to mount the drive on another PC, decrypt it and save data. Or am I missing something?

[–] [email protected] 6 points 6 months ago (1 children)

Recovering data from a corrupted, encrypted drive is way trickier than from a simply corrupted drive, I imagine.

Anti Commercial-AI license

[–] [email protected] 1 points 6 months ago (2 children)

Why? What would be the problem?

P.s. Why did you link to the Anti Commercial-AI license?

[–] [email protected] 3 points 6 months ago

The way you recover data from a totally dead drive is use a program that scans every byte and looks for structures in the data that look like files e.g. a jpeg will have a header followed by some blocks of content. In an encrypted drive everything looks like random data.

Even if you have the key, you can’t begin searching through the data until it’s decrypted, and the kind of error that makes it so your drive won’t mount normally is likely to get in the way of decrypting normally as well.

[–] [email protected] 4 points 6 months ago (1 children)

Why? What would be the problem?

On linux, you're probably using LUKS. That has a header with the keys at the beginning of each encrypted volume. If those keys (or key if you only have one) is corrupted and you don't have a backup of that, you're fucked.

The next problem is that data recovery tools mostly don't support decryption. They scan regions or the entire drive for recognizable things like partition headers, partition tables, file types, etc. if those are encrypted, well...

If you are able to decrypt a partition, then it might work as it will show up like any other device in /dev/mapper/ and you could do recovery /dev/mapper/HDD. However, I have no idea what data corruption does to encryption algorithms. If one part of what is being decrypted is faulty, what does that do to the entire thing?
This mostly comes from a lack of knowledge on my part. IIRC encryption depends on hashsums -> if you change what's being decrypted/encrypted, the entire hashsum is incorrect and thus all the data shouldn't be able to be decrypted. But I might be wrong - I'll gladly be wrong on this.

Anti Commercial-AI license

[–] [email protected] 2 points 6 months ago

On linux, you’re probably using LUKS. That has a header with the keys at the beginning of each encrypted volume. If those keys (or key if you only have one) is corrupted and you don’t have a backup of that, you’re fucked.

I got it, thanks! I will rely on SnapRaid form redundancy and on backups on multiple devices/locations.