Is encrypting specific directories better than full-disk encryption?
>>108503143>is x better than ybetter how? what are your criterions?
>>108503143>is leaking metadata better than not leaking metadata?>yellow fever
>>108503143>is encrypting less better than encrypting more?
it's worse but it can be good enough
>>108503143no, but do both
>>108503143best solution right now>tpm/secure boot based root encryption with automatic unlocking with secure boot enabled.>user home directories encrypted with systemd-homed, automatic decryption with user passwordcompletely transparent and fully encrypted.
MODS
>>108503143depends, as usual, on your goalsthe problem will full-disk is that once the machine is on the key is in memory and then all the usual attacks on your OS/software apply whereas with specific encryption an attack on that may only give you access to ciphertextalthough there's little argument against both full-disk and then specific encryption unless you're trying to hide the fact that you're using encryption at all
>>108503143>irrelevant time-wasting question>lust provoking image
>>108503143self-encrypted drives with ext4
>>108503604Alpine's wiki has a guide for steganographically embedding one os into another.
>>108503218>criterionsRetard
>>108503604I vaguely remember reading that even with FDE (with or without encrypted /boot on a USB along with its LUKS headers), there are still indicators that imply there being an encrypted OS on a drive instead of it being just a drive secure erased with random data. This applies to plain mode as well. I remember one of the points being in relation to the partition table being an indication. I have no use case for that level of obscurity, but it's still interesting to read about.
>>108503369The password in question? 1234 of course.
>>108504036Shut the fuck up. Don't bully him. He's under my protection and you are going to address him with respect.
>>108503143I'd encrypt her full-disk if you get what I mean.
>>108503143you should be using full disk encryption on everything that is the default. use specific folder/file/archive encryption on top of that if you handle sensitive information like crypto encryption keys,personal shit,extralegal recreational narcotics related shit .... in case you suspect someone would try to snatch your pc from you while the entire drive is decrypteda better idea for this if you actually handle sensitive shit you want encrypted is to just install tails os on a usb drive and keep the sensitive shit on there and only insert+decrypt it when you need it
>>108504036>I'm a fag who randomly switches to latin grammar for literally NO FUCKING REASONI'm glad your datums are being harvested by this website
