Device Security: Physical Protection and Encryption
Physical security and encryption are your first line of defense. No amount of firewall rules or network hardening matters if someone can just walk away with your laptop and read your hard drive.
In this guide, we're covering two critical aspects of device security: how modern encryption actually works, and what to do about physical threats.
Modern Encryption: How Strong Is It Really?
Here's the thing about encryption: the mathematics are solid. We're not talking about the encryption of the 1990s that governments could crack. Modern encryption is serious business.
AES-256 (Symmetric Encryption)
- Considered unbreakable with current technology
- Used for full-disk encryption and file encryption
- NSA-approved for classified information
- No known practical attacks
RSA-4096 and Curve25519 (Asymmetric Encryption)
- Used for key exchange and digital signatures
- Curve25519 is considered highly secure and efficient
- Warning: Quantum computers will eventually threaten RSA
- Post-quantum algorithms are emerging to address this
Common Implementations You Should Know
- LUKS — Linux disk encryption. Very strong. The standard for Linux full-disk encryption.
- BitLocker — Windows full-disk encryption. Closed source but audited and considered strong.
- GPG — For files and email encryption. The gold standard for asymmetric encryption.
- Signal — For messaging. End-to-end encrypted by default.
Where Encryption Falls Short
The math is solid. I cannot stress this enough. But the weak points are elsewhere:
- Weak passwords — If your encryption passphrase is "password123," no amount of AES-256 will save you.
- Keyloggers — Malware on your device can capture your passphrase when you type it.
- Social engineering — Someone tricking you into giving up your keys.
- Implementation bugs — Flaws in how the encryption was programmed.
- Side-channel attacks — Exploiting physical characteristics like power consumption or electromagnetic emissions.
- Metadata and headers — Even encrypted messages leak some information about sender/recipient.
The encryption itself is rarely the problem. It's usually the human behind the keyboard.
Physical Security: Leaving Your Laptop at Home
So you've enabled full-disk encryption. You're using a strong passphrase. But what happens when you leave your laptop at home?
The answer depends on your setup. Done right, it's relatively safe. Done wrong, and you've essentially handed someone your data on a silver platter.
What Could Happen With Physical Access
- Hard drive extraction — They remove the drive and read it directly (mitigated by encryption)
- Live USB boot — Boot from a USB stick to bypass your OS login entirely
- Hardware keyloggers — Physical devices installed between keyboard and motherboard
- Drive cloning — Copy everything for offline attack
Essential Mitigations
- Full-disk encryption is non-negotiable. LUKS on Linux, BitLocker on Windows. Set it up. Now.
- Power off. Not sleep. Not hibernate. Power off. A sleeping machine normally keeps the disk-encryption key in memory, so sleep mode can sometimes be bypassed.
- Strong BIOS/boot password. Prevents booting from unauthorized devices.
- Secure location. Locked room, safe, or somewhere physically inaccessible.
If your laptop is encrypted AND powered off, an attacker needs the encryption passphrase. Without it, your data is effectively inaccessible. That's the protection encryption provides.
If your laptop is NOT encrypted, anyone with physical access can read everything. Every document, every password saved in your browser, every private file.
Wireless Keyboards: An Overlooked Security Risk
Let me tell you about something most people don't think about: wireless keyboards. That convenient little dongle? It might be broadcasting everything you type.
The Risks
- 2.4GHz keyboards (non-Bluetooth) — Often unencrypted. Vulnerable to keystroke interception from nearby attackers.
- MouseJack vulnerability — Can inject keystrokes into vulnerable receivers. Attackers can type whatever they want on your computer.
- Keyloggers — Attackers with the right equipment can capture everything you type from a distance.
Risk by Type
- Old 2.4GHz dongle keyboards: High risk
- Modern 2.4GHz (Logitech etc.): Low-medium risk — most include encryption now
- Bluetooth 4.0+: Low risk — encrypted and authenticated
For most users, the practical risk is low—it requires a nearby attacker with specific equipment. But if you're handling sensitive data, or if you're a high-value target, wired is the way to go.
The Bottom Line
Security is layered. Encryption protects your data at rest. Physical security protects your device from being stolen. Good habits protect you from the human element.
Enable full-disk encryption on every device you own. Power off when leaving your device unattended. Use strong passphrases. Prefer wired peripherals for sensitive work.
No system is perfect. But making yourself a harder target matters. Most attackers will move on to easier prey.
The goal isn't perfect security. The goal is making yourself not worth the effort.