I was recently intrigued to learn that only half of the respondents to a survey said that they used disk encryption. Android, iOS, macOS, and Windows have been increasingly using encryption by default. On the other hand, while most Linux installers I’ve encountered include the option to encrypt, it is not selected by default.
Whether it’s a test bench, beater laptop, NAS, or daily driver, I encrypt for peace of mind. Whatever I end up doing on my machines, I can be pretty confident my data won’t end up in the wrong hands if the drive is stolen or lost and can be erased by simply overwriting the LUKS header. Recovering from an unbootable state or copying files out from an encrypted boot drive only takes a couple more commands compared to an unencrypted setup.
But that’s just me and I’m curious to hear what other reasons to encrypt or not to encrypt are out there.
It is, these days. Ubuntu and Fedora, for example. But you still have to select it or it won’t happen. PopOS, being explicitly designed for laptops, has it by default.
Depends on your passphrase. If you follow best practice and go with, say, a 25-character passphrase made up of obscure dictionary words, then no, even a state will not be cracking it quickly at all.
Exactly. This is the weak link of disk encryption. You usually need to turn off the machine, i.e. lose the key from memory, in order to get the full benefits. A couple of consolations: (1) In an emergency, you at least have the option of locking it down; just turn it off - even a hard shutdown will do. (2) As you say, only a sophisticated attacker, like the police, will have the skills to break open your screenlocked machine while avoiding any shutdown or reboot.
Another, less obvious, reason for encrypting: it means you can sell the drive, or laptop, without having to wipe it. Encrypted data is inaccessible, by definition.
Encryption of personal data should be the default everywhere. Period.
Well said. LUKS implements AES-256, which is also entrusted by the U.S. government and various other governments to protect data from state and non-state adversaries.