Is ubuntu standard disk encryption safe?

When I boot my ubuntu it asks for a password to decrypt the drive, is this setup safe or is it like apple where the FBI obtained the secret keys.


Comments


[3 Points] RIP_Meth_9000:

https://security.stackexchange.com/questions/39306/how-secure-is-ubuntus-default-full-disk-encryption

https://www.wilderssecurity.com/threads/full-disk-encryption-in-linux-ubuntu-mint-secure.372299/

http://www.gaztronics.net/howtos/luks.php

https://security.stackexchange.com/questions/79008/security-of-linux-full-disk-encryption-ubuntu-mint-insecure


[2 Points] Bigbananas956:

Ubuntu is entirely open source, I dont believe theres any way that they would be able to get any sort of encryption keys from Canonical.

As far as I'm concerned, it boils down to this: If you aren't a vendor, or aren't buying kilos and reselling them on the street, any sort of encryption is going to be sufficient.

No average sized local police department is going to attempt to break any disk encryption, they probably do not even have people on payroll to do that task. If the crimes you're committing aren't enough to attract FBI attention, a fully encrypted laptop will probably just sit in an evidence locker indefinitely. Bigger cities, especially NYPD, would probably be an exception to this. NYPD is basically a local military; they have their own very sophisticated intelligence apparatus and military level technology and weaponry. If your encryption setup has serious flaws, and you've done something that makes them reallllly want access to your computer, NYPD is probably getting in.

But if you're ordering an ounce of weed to your suburban home in some city of 50,000, they're not breaking any encryption methods.


[1 Points] penguinmixer:

My belief is that if the following is true, then even a powerful nation's intelligence/law enforcement agencies are not going to break your Ubuntu disk encryption: 1.There were no hardware or operating system backdoors implanted in your laptop before you encrypted it. 2. You did not get infected by malware at any point, as this malware could steal your encryption key. 3. You chose a sufficiently-strong passphrase as to make dictionary or brute force attacks infeasible. 4. You did not use a passphrase that you used for something else that LE might be able to subpoena, such as your e-mail accounts. 5. You were not subjected to an "evil-maid" attack (in which someone tampers with your laptop while it's shut down without you knowing it, and then the next time you turn it on and enter your passphrase that passphrase is stolen). 6. Your laptop is shut down when captured by LE (if it is powered on then there are tools which can extract the decryption key from RAM).

There are cases in the news of LE not being able to decrypt a laptop. One high-profile example is Lauri Love, who is accused of hacking US government websites. The British government is currently trying to use the court system to force him to decrypt his computers (or else he will be put in jail for contempt of court). Below is the article:

https://www.techdirt.com/articles/20160510/08042734397/judge-rejects-attempt-to-force-lauri-love-to-decrypt-his-computers-despite-never-charging-him-with-crime.shtml