HACKER Q&A
📣 webmobdev

Is data on an encrypted file-system harder to recover when corrupted?


I would like to use the encryption feature of my file systems (APFS, HFS+, ZFS) but have this irrational (perhaps ignorant?) fear that in case of some minor software or HDD / SSD hardware failure (e.g. bad sectors), more data loss may occur because of the encryption and it would also be harder to recover data from an encrypted file system. Is this fear rational? (All my file systems are currently unencrypted, and I do take regular backups.)


  👤 jaclaz Accepted Answer ✓
My two cents.

It is very rational.

It may depend on the exact method of encryption, but encryption (full disk or filesystem) - generally speaking - makes recovery impossible (as opposed to harder), at least for the affected files.

The good (or bad) news is that SSDs tend to fail anyway in an unrecoverable manner[0]; HDDs had more (though still scarce) probability of recovery.

It also needs to be mentioned that most, if not all, file formats (besides plain text and a few other non-compressed formats) are rather hard to recover anyway (even if not encrypted).

Unless you have some (very relevant) needs for encryption, avoid using it; you are adding a layer of complexity to all operations on disk anyway.

[0] In some cases the SSD firmware will protect itself by making the SSD "read only", but this normally happens after the controller has already found corruption. While recovering a partially corrupted filesystem is usually doable, recovering a partially corrupted encrypted filesystem is often impossible.


👤 aborsy
The data is encrypted in small chunks. Corruption in a chunk renders that chunk useless, but usually won’t impact other chunks. There is a small amount of sensitive data, for example the header of a LUKS volume containing the password and encryption details; if it is corrupted, the whole disk can be lost. You can back up this header.

So, no, a small corruption in an encrypted disk or FS won’t necessarily impact the entire system.

In ZFS, a bit flip corrupts files in which it occurs, not the whole pool (with or without encryption).

On the other hand, you are right to be worried that encryption is another layer that can go wrong. As mentioned, password and encryption details must not be corrupted.
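
The two failure cases described in the comment above (a flipped bit costs one chunk, a damaged header costs the whole volume), as an added example that is not part of the thread. The sector cipher is a toy hash-based Feistel stand-in, not AES-XTS or the real LUKS format; every name, size, passphrase and the sample data are constructed.

```python
import hashlib
SECTOR = 512  # bytes per independently encrypted chunk (constructed size)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, no, rnd, half):
    # Keyed round function, bound to the sector number like a disk-cipher tweak.
    seed = key + no.to_bytes(8, "big") + bytes([rnd]) + half
    return hashlib.shake_256(seed).digest(len(half))

def encrypt_sector(key, no, pt):
    l, r = pt[:SECTOR // 2], pt[SECTOR // 2:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, no, rnd, r))
    return l + r

def decrypt_sector(key, no, ct):
    l, r = ct[:SECTOR // 2], ct[SECTOR // 2:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, no, rnd, l)), l
    return l + r

def make_header(password, master, salt):
    # Toy header: salt plus the master key wrapped under a password-derived key.
    kek = hashlib.pbkdf2_hmac("sha256", password, salt, 1000, len(master))
    return salt + _xor(master, kek)

def open_header(password, header):
    salt, wrapped = header[:16], header[16:]
    return _xor(wrapped, hashlib.pbkdf2_hmac("sha256", password, salt, 1000, len(wrapped)))

def flip_bit(blob, offset):
    return blob[:offset] + bytes([blob[offset] ^ 0x01]) + blob[offset + 1:]

def unreadable(key, sectors, plain):
    # Sector numbers whose decryption no longer matches the original data.
    return [i for i, ct in enumerate(sectors)
            if decrypt_sector(key, i, ct) != plain[i * SECTOR:(i + 1) * SECTOR]]

def demo():
    pw, plain = b"constructed passphrase", bytes(range(256)) * 16  # 8-sector volume
    master = hashlib.sha256(b"constructed master key").digest()
    header = make_header(pw, master, b"S" * 16)
    sectors = [encrypt_sector(master, i, plain[i * SECTOR:(i + 1) * SECTOR]) for i in range(8)]
    sectors[3] = flip_bit(sectors[3], 100)            # one bad bit on the "disk"
    media_damage = unreadable(open_header(pw, header), sectors, plain)
    header_damage = unreadable(open_header(pw, flip_bit(header, 20)), sectors, plain)
    return media_damage, header_damage
```

On a real LUKS volume, the header copy mentioned in the comment is made with `cryptsetup luksHeaderBackup`.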