On Feb 21, 2025, Frank Guthausen wrote: > On Fri, 21 Feb 2025 05:07:10 -0500 > gene heskett <ghesk...@shentel.net> wrote: > > > > my home net, is behind dd-wrt, in plain text. on an address block > > that does not get thru a router. And in 30 years I have not been > > touched. > > LUKS addresses a completely different attack vector than network > intrusion. As long as the LUKS device is decrypted on a running > machine it is not much of a help. LUKS protects data during the > encrypted state, e.g. when a stolen laptop was in shutdown state > at that time, and it helps to protect data when disks are up to > renewal and someone else has got access to the older disks later. > Without LUKS the disk erasing process needs time and might well > be quiet expensive.
Yes and no with the erasure thing -- a handful of SSD options nowadays do onboard / integral encryption, so "erasing" the drive is essentially just "deleting the secret key" But then again, SSDs are quite expensive per TiB if you're talking about a storage array. -- |_|O|_| |_|_|O| Github: https://github.com/dpurgert |O|O|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860
signature.asc
Description: PGP signature
