TLDR: Use a secure passphrase if you want the device protected against any resourceful actor
When most distros provide encryption with LUKS they at least ask you to set up a credential. Almost all distros just ask for a password. They don't seamlessly allow setting up in other ways in a UI like BitLocker does or in the installer. You often need to read up on docs and such which can be tiresome.
LUKS full disk encryption in how most users would know it would only be safe if they used a long, secure passphrase that would be impossible to brute force. A short 6 digit numeric PIN works for some phones because a secure element throttles unlock attempts but would be brute forced very quickly on LUKS, VeraCrypt and so on because they aren't using a TPM for throttling.
Secureblue (hardened Linux distro we like) supports LUKS with TPM and also FIDO2.
Final
npub1hx…sg75y
2026-01-23 19:05:33 UTC
in reply to nevent1q…4q9a
Author Public Key
npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75ySeen on
wss://nostr.momPublished at
2026-01-23 19:05:33 UTCEvent JSON
{
"id": "e1539198aaf89dfa2824a5cbae79b5eef7404a711a90b6313e1867a1cf9a1687",
"pubkey": "b98ded4ceaea20790dbcb3c31400692009d34c7f9927c286835a99b7481a5c22",
"created_at": 1769195133,
"kind": 1,
"tags": [
[
"alt",
"A short note: TLDR: Use a secure passphrase if you want the devi..."
],
[
"e",
"ec5f47bc4919ba3062a9eac3353fa69f0caec147ce04e1a3ba2ded06a87469b9",
"wss://relay.damus.io/",
"root",
"609f186ca023d658c0fe019570472f59565c8be1dc163b1541fac9d90aa4e8af"
],
[
"e",
"3bad15649942c503f40cc0fdfdd58902040f358267c0e42b206578915a13c9a8",
"wss://nos.lol/",
"",
"b98ded4ceaea20790dbcb3c31400692009d34c7f9927c286835a99b7481a5c22"
],
[
"e",
"6100b6ca018bab8bde3b64a0725dcd989e0f2eece9876717f066e743efd11f99",
"wss://nostr.land/",
"reply",
"010df0c948fe9ab54d2cb7ea420ffa08d57958981b6ea68e83aaa7eb2dd3f05a"
],
[
"p",
"b98ded4ceaea20790dbcb3c31400692009d34c7f9927c286835a99b7481a5c22",
"wss://nostr.mom/"
],
[
"p",
"010df0c948fe9ab54d2cb7ea420ffa08d57958981b6ea68e83aaa7eb2dd3f05a",
"wss://nostr.wine/"
]
],
"content": "TLDR: Use a secure passphrase if you want the device protected against any resourceful actor\n\nWhen most distros provide encryption with LUKS they at least ask you to set up a credential. Almost all distros just ask for a password. They don't seamlessly allow setting up in other ways in a UI like BitLocker does or in the installer. You often need to read up on docs and such which can be tiresome.\n\nLUKS full disk encryption in how most users would know it would only be safe if they used a long, secure passphrase that would be impossible to brute force. A short 6 digit numeric PIN works for some phones because a secure element throttles unlock attempts but would be brute forced very quickly on LUKS, VeraCrypt and so on because they aren't using a TPM for throttling.\n\nSecureblue (hardened Linux distro we like) supports LUKS with TPM and also FIDO2.\n\n",
"sig": "2eef265d4dea7cb8fab98f52bedaa6453947078058cb7c36c5272e04b42988821f3fba93f5e7c210d2c90382c1ae689fecbef6de2bec6d02f793af0269f401ea"
}