Is there an AES 256 LUKS encryption option in Fedora?

Question

I have certain information on my drive that I don't want anyone (not even me ;) ) to gain access to. I read recently that Fedora only offers EAS 256 LUKS encryption. This just isn't secure enough for me. I want 256 or stronger for my entire drive.

Now I'm confused because on this site: http://docs.fedoraproject.org/en-US/Fedora/14/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption.html it says that Fedora only supports 128 - bit. Though here: How secure is Ubuntu's default full-disk encryption? it says that LUKS uses 256 - bit, or is this for Ubuntu only.

Is there a way that I can use 256 or stronger AES full disk encryption on Fedora?

Because this is a OS-specific configuration/use question, it might be better asked on superuser. — schroeder, Nov 18 '14 at 18:15
EAS 256 isn't good enough and you want 256 or stronger? Please at least re-read what you write. Oh, and 128 *is* good enough. — Gilles 'SO- stop being evil', Nov 18 '14 at 23:35

score 1 · Answer 1 · edited Mar 17 '17 at 13:14

1

When you say that 128 bits are not enough for you, and you really want 256 bits, then you are basically saying one of the two following things:

Laws of physics do not apply to you.
You do not understand what key size is, and you just want the biggest number, the cryptographic equivalent of painting your car in red to make it go faster.

Your choice.

See this question on more information on the subject.

As for your specific question, see the documentation and try for yourself with a toy example. If you use "-s 256" as parameter to cryptsetup and it does not blow up in your face, then you can rejoice in your huge key.

See also the contents of the /proc/crypto file on your machine; this will tell you which algorithms are supported by your machine, and with which key sizes (warning: key sizes in /proc/crypto are expressed in bytes, not bits).

edited Mar 17 '17 at 13:14

Community

1

answered Nov 18 '14 at 21:55

Tom Leek

168,808
28
337
475

Replace "Laws of physics do not apply to you." with "Laws of classical physics do not apply to you" and I agree with you. Otherwise, I disagree with your dismissal of 256-bit key length, because quantum physics brings us Grover's algorithm, and Grover's algorithm hints that we may someday need larger keys than 128-bit. – Jay Sullivan Aug 10 '19 at 22:38
@JaySullivan **If you are hallucinating attackers with quantum computers wanting your family photos, you have bigger issues than what encryption strength to choose. AES-128 is the correct choice for every normal person. And is faster while being equally safe for normal people:** https://www.ubiqsecurity.com/blog/128bit-or-256bit-encryption-which-to-use/ – Mitch McMabers Dec 06 '21 at 18:00

Is there an AES 256 LUKS encryption option in Fedora?

1 Answers1