HackadayRemotely Unlocking an Encrypted Hard Disk
https://fed.brid.gy/r/https://hackaday.com/2026/03/06/remotely-unlocking-an-encrypted-hard-disk/
Remotely Unlocking an Encrypted Hard Disk https://hackaday.com/2026/03/06/remotely-unlocking-an-encrypted-hard-disk/
#LinuxHacks #Diskencryption #Encryption #Initramfs #Linux #Systemd #Tailscale
#LinuxHacks #Diskencryption #Encryption #Initramfs #Linux #Systemd #Tailscale
Rob PegoraroThe data that I didn’t know I didn’t have to back up to Microsoft’s cloud
I spent more time than I’d planned Friday afternoon poking around the security settings of my Windows laptop, then undoing one setting that I am somewhat embarrassed to admit I had scarcely thought about over the previous two and a half years of using this HP.
The FBI gets some credit for that for making me rethink my own device security after some of its agents raided Washington Post reporter Hannah Natanson’s home two weeks ago and seized several of her devices–an obvious move to intimidate journalists– leaving the storage encryption on that hardware as the last line of defense for her data.
Forbes security writer Thomas Brewster gets the rest of the credit for a strong post Friday morning unpacking how Microsoft’s approach to device encryption via its BitLocker software can leave Windows computers open to law enforcement investigators who bring a valid legal order to the company requesting a particular user’s encryption recovery key.
“It’s possible for users to store those keys on a device they own, but Microsoft also recommends BitLocker users store their keys on its servers for convenience,” Brewster wrote. “While that means someone can access their data if they forget their password, or if repeated failed attempts to login lock the device, it also makes them vulnerable to law enforcement subpoenas and warrants.”
He reported that Microsoft gets about 20 requests a year for BitLocker keys but cannot respond to many of them because the customers involved didn’t back up those keys to its cloud.
Windows 11 Home’s Device Encryption isn’t branded as BitLocker in the Settings app, but it runs on the same framework. And as in the Pro, Enterprise and Education editions of Windows 11, it allows a choice of key-backup locations–which I did not realize until eyeballing Microsoft’s documentation after I’d read Brewster’s post.
I had gone unthinkingly with the default of having the recovery key backed up to my Microsoft 365 cloud storage; I don’t remember even being presented with a choice when I set up the computer in August of 2023. But since the key is only a string of 48 numbers periodically separated by dashes, there was no point in keeping it there.
Instead, I saved it in my end-to-end-encrypted password manager 1Password, where the security design does not expose backdoors that can be opened with a court order. Then I deleted the backed-up recovery key from my M365 storage after clicking a checkbox to confirm that I’d saved the key elsewhere–along with seven older ones I found saved there, going back to a Surface laptop I reviewed a decade or so ago.
(I don’t know how long it will take for this data to be gone from my online storage, although there is the option of decrypting and re-encrypting the laptop to ensure the old key is useless.)
I never should have taken Microsoft up on this offer. But Microsoft should not be leaving users in this position–as Johns Hopkins University cryptography professor Matthew Green told Brewster in that article. Apple’s FileVault device encryption now automatically encrypts recovery keys backed up to the company’s iCloud service (see this explainer from my friend Glenn Fleishman at Six Colors), leaving nothing for a third party to inspect with a warrant.
There are many areas where Microsoft can’t readily catch up with Apple, starting with having a mobile platform to complement its desktop operating system. But this should not be one of them.
#BitLocker #diskEncryption #encryption #FBI #HannahNatanson #keyEscrow #M365 #Microsoft365 #MicrosoftBackup #Windows11Home #WindowsDeviceEncryption
AnonInfoI successfully encrypted the root drive of the Asahi Linux installation on my M2 MacBook Air.
I used these tools:
https://davidalger.com/posts/fedora-asahi-remix-on-apple-silicon-with-luks-encryption/
https://github.com/osx-tools/asahi-encrypt
https://github.com/leifliddy/asahi-fedora-usb/blob/main/README.md
あらしI was thinking of encrypting my drive on #Fedora, but I can't without some sort of formatting after installation. I wish I knew I could had set it up during installation.
Now I am too lazy to reinstall, even though I have a backup of my home directory.
Neustradamus :xmpp: :linux:#Veracrypt 1.26.26 (dev) has been released (#TrueCrypt / #CipherShed / #DiskCryptor / #OTFE / #Crypto / #Encryption / #DiskEncryption / #Argon2 / #Argon2id / #GOSTBlockCipher / #RFC7801 / #RFC8891 / #BLAKE2s256 / #Streebog / #AES / #Camellia / #Kuznyechik / #Twofish / #IDRIX / #AMCrypto) https://veracrypt.io/
VeraCrypt - Free Open source disk encryption with strong security for the Paranoid
VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files.
#Veracrypt 1.26.25 has been released (#TrueCrypt / #CipherShed / #DiskCryptor / #OTFE / #Crypto / #Encryption / #DiskEncryption / #Argon2 / #Argon2id / #GOSTBlockCipher / #RFC7801 / #RFC8891 / #BLAKE2s256 / #Streebog / #AES / #Camellia / #Kuznyechik / #Twofish / #IDRIX / #AMCrypto) https://veracrypt.io/
VeraCrypt - Free Open source disk encryption with strong security for the Paranoid
VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files.
#Veracrypt 1.26.24 has been released (#TrueCrypt / #CipherShed / #DiskCryptor / #OTFE / #Crypto / #Encryption / #DiskEncryption / #GOSTBlockCipher / #RFC7801 / #RFC8891 / #BLAKE2s256 / #Whirlpool / #Streebog / #AES / #Camellia / #Kuznyechik / #Serpent / #Twofish / #IDRIX / #AMCrypto) https://veracrypt.fr/
VeraCrypt - Free Open source disk encryption with strong security for the Paranoid
VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files.
kriware 
Disk Encryption: Wide-Block Modes, Authentication Tags Aren’t Silver Bullets
Analyzes XTS mode's vulnerabilities and discusses IEEE's proposed key scope limits.
Bhavani Shankar 💭Why I don't use full disk encryption:
https://bshankar.pages.dev/full-disk-encryption/
#linux #security #performance #diskencryption #veracrypt #gocryptfs #ssd #nixos #tailsos
https://bshankar.pages.dev/full-disk-encryption/
#linux #security #performance #diskencryption #veracrypt #gocryptfs #ssd #nixos #tailsos