diff --git a/run.py b/run.py
index e18ff7a..094f016 100755
--- a/run.py
+++ b/run.py
@@ -42,6 +42,12 @@ def blockdevice(termsize, settings):
 	settings["blockdevice"] = _ask("Install where?", os.listdir("/sys/block/"), enforce=False)
 
 
+def cryptroot(termsize, settings):
+	print("Do you want to encrypt your root partition?")
+	print("Please note that there is no way to recover your data if you forget your password.")
+	settings["cryptroot"] = _ask("Encrypt root?", [ "yes", "no" ])
+
+
 def rundir(termsize, settings, directory, validation_suffix, subfile="", ask=False):
 	for filename in sorted(os.listdir(directory)):
 		if filename[-len(validation_suffix):] == validation_suffix:
@@ -108,6 +114,7 @@ def main():
 	motd(termsize, settings)
 	efibios(termsize, settings)
 	blockdevice(termsize, settings)
+	cryptroot(termsize, settings)
 	rundir(termsize, settings, "checks", ".check")
 	rundir(termsize, settings, "steps", ".step")
 	rundir(termsize, settings, "flavours", ".flavour", "install.sh", ask=True)
diff --git a/steps/30-formatting.step b/steps/30-formatting.step
index 8a08823..1676651 100755
--- a/steps/30-formatting.step
+++ b/steps/30-formatting.step
@@ -6,11 +6,7 @@ mkfs.fat -F32 ${blockdevice}1
 echo -n "~> Do you want to encrypt root? (Y/n) "
 read answer
 
-if [ "$answer" == "n" ] || [ "$answer" == "N" ]; then
-	echo "~> There are close to no reasons to not do this, but hey, you're an adult."
-	rootformat=${blockdevice}2
-	didCrypt=0
-else
+if [ "$cryptroot" == "yes" ]; then
 	echo "~> Formatting root (/) for crypto"
 	cryptsetup -v luksFormat ${blockdevice}2
 	echo "~> Here's the header crypto:"
@@ -18,7 +14,9 @@ else
 	echo "~> Open the crypt container"
 	cryptsetup luksOpen ${blockdevice}2 cryptroot
 	rootformat=/dev/mapper/cryptroot
-	didCrypt=1
+else
+	echo "~> There are close to no reasons to not do this, but hey, you're an adult."
+	rootformat=${blockdevice}2
 fi
 
 echo "~> Formatting $rootformat EXT4"
diff --git a/steps/50-configure.step b/steps/50-configure.step
index a351074..e7f2fd4 100755
--- a/steps/50-configure.step
+++ b/steps/50-configure.step
@@ -26,7 +26,7 @@ else
 	arch-chroot /mnt grub-install --target=i386-pc /dev/*da
 fi
 
-if [ "$didCrypt" -eq 1 ]; then
+if [ "$cryptroot" -eq 1 ]; then
 	echo "GRUB_CMDLINE_LINUX='cryptdevice=UUID=`blkid -o value ${blockdevice}2 | head -n 1`:cryptroot'" > /mnt/etc/default/grub
 fi