You are not logged in.

#1 2022-11-25 07:26:41

zostj
Member
Registered: 2022-02-11
Posts: 4

What encryption to use for internal hard drives meant for data storage

Hi guys, I'm new to encryption, at the moment I have 'Luks on Partition' full disk encryption for the SSD that holds my archlinux (root/home).

However, I have some internal hard drives that I'd like to encrypt for data storage. A lot of the full disk encryption methods i saw on arch wiki have to do with full disk encryption of the root/home partition + swap.

But what encryption should I use for non-system related hard disks that I just want to use for torrenting/downloading/storage ? The encryption methods listed in the "Data-at-rest encryption" wiki?  specifically the 'Block Device Encryption"? namely 'dm-crypt' or 'VeraCrypt' ?

With dm-crypt, I would have to setup the encryption on a blank drive/setup the partition volume ahead of time. But the drive will be tied to the linux machine it's on and won't be portable? Whereas VeraCrypt encrypted drive can be taken out of the system put in another computer and be decrypted and on top of that, i can use VeraCrypt to encrypt drives that already have stuff in them and also have the choice of not encrypting the entire drive but instead encrypt individual files or folders?

What do you guys use for encrypting storage drives? What are the pros and cons of using one vs the other? in terms of convenience/decrypting automatically on boot/having to manually decrypt, etc?

Last edited by zostj (2022-11-25 09:26:34)

Offline

#2 2022-11-25 23:13:54

jonno2002
Member
Registered: 2016-11-21
Posts: 445

Re: What encryption to use for internal hard drives meant for data storage

just use luks like you have on your ssd, totally portable, and totally up to you how you set up decrypting auto vs manual.
for example i have lvm on luks on my boot drive and luks on partition for my storage drive, i enter my password to unlock my boot drive at boot time and my storage drive is decrypted automatically via /etc/crypttab on my boot drive. i can quite easily put the storage drive in another machine and decrypt it.

no idea about veracrypt, never used it.

Offline

#3 2022-11-26 00:18:56

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,127

Re: What encryption to use for internal hard drives meant for data storage

Not sure why you think it won't be portable if you use dm-crypt?  Where does the wiki say that?


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

Offline

Board footer

Powered by FluxBB