Highest Voted 'dm-crypt' Questions - IT Security Stack Exchange

2

votes

2 answers

dm-crypt/LUKS: one-time password

I've setup arch using dm-crypt / luks, with a passphrase and a key, lost one of them will fail to login. But I feel I need more secure of passphrase, how to setup dm-crypt / luks that has one-time passphrase mechanism?

encryption luks dm-crypt

asked Jan 22 '19 at 07:34

Tuyen Pham

161
4

2

votes

1 answer

Does posting the technique I used to encrypt my Linux system make the encryption inherently less secure?

I recently encrypted my laptop, but I also wrote notes on how I did it and posted those notes online. The configuration is fairly complicated and, from what I can tell, also fairly unique. I did not put any private information in it (such as UUID's,…

linux dm-crypt

asked Jun 22 '16 at 05:10

Caleb Reister

237
1
6

2

votes

1 answer

Laptops SSD: Hardware Encryption plus DM-Crypt/Luks - Security and Performance

I just bought a new Thinkpad t450s, and put a Samsung 850 pro in it. My Cpu supports AES-NI and the SSD supports hard-ware based encryption. My question is, is there any reason to do Both Hardware-based encryption and Software (DM-crypt/Luks), or…

linux disk-encryption luks dm-crypt

asked Dec 23 '15 at 18:11

thewooster

123
3

1

vote

1 answer

Attacks on encrypted computer?

I think we all know the fact that boot-harddrives can be encrypted. Windows usually uses Bitlocker (relying on AES-CBC) and Linux / Unix usually uses dm-crypt (relying on AES-CBC) and the rest of the software usually uses XTS-mode (TrueCrypt,…

disk-encryption bitlocker dm-crypt

asked Jun 19 '15 at 20:13

SEJPM

9,500
5
35
66

1

vote

0 answers

Reading is much faster than writing with AEGIS-128

I want to use cryptographic integrity checking in Linux. Naturally, I measured performance of different implementations on my computer in order to choose the best. The block device is in tmpfs, in other words, RAM. Hence the performance is not…

encryption authentication performance dm-crypt

asked Mar 08 '21 at 13:00

beroal

139
6

1

vote

1 answer

dm-crypt 2.0.3 + luks: salt auto-generated? what affects decryption speed?

I am trying to encrypt one of my primary Linux partition (5GB) by following this example to encrypt. I want to confirm some of my understandings: Salt is automatically generated by cyrptsetup with luks? --iter-time and --hash only affects the time…

hash linux luks ciphers dm-crypt

asked Feb 20 '21 at 16:12

HCSF

143
6

0

votes

1 answer

Is it safe to mount luks over cifs?

I have a server with a .img file this is encrypted with luks(aes-256,plain64,xts,sha512) Is it safe to mount this image over cifs(samba), or does doing so risk exposing the volume password or master key?

dm-crypt

asked May 25 '15 at 09:53

Tim Jonas

807
1
7
19

0

votes

1 answer

dm-crypt over iSCSI

I recently bought a NAS that supports iSCSI. I'd like to create a new LUN, and then from my computer, create a new dm-crypt/LUKS device on it and back up to it. Is this secure? Could the data or passphrase/key be compromised if an attacker were to…

man-in-the-middle luks dm-crypt

asked Mar 07 '15 at 12:18

Luke

1

0

votes

2 answers

Is it unsecure to use only a passphrase in luks for whole system partition encryption?

When i use only a passphrase in luks for my whole system partition encryption, so i need to insert a password to decrypt my system partition to boot up my os, is this unsecure and can it be cracked with bruteforce if someone stole the laptop? What…

passwords password-cracking luks dm-crypt

asked Jul 16 '22 at 18:01

Blockchain Office

105
1
9

0

votes

1 answer

is it possible to change luks2 --key-size from 512b to 256b without losing data?

I created luks2 device with default options which used aes-xts with 512b key size.I figured out that 256b is somewhat faster than 512b from benchmarks. So, I just want to use 256b but not sure if it's possible or not using cryptsetup…

luks dm-crypt

asked Oct 30 '21 at 13:45

Akhil

105
4

0

votes

1 answer

Is there any added benefit to using a random keyfile of more than 512 bits?

Most of the online guides I found about using dm-crypt with a random keyfile use files bigger than 512 bits (64 bytes). For example: dd bs=512 count=4 if=/dev/urandom of=keyfile iflags=fullblock As the biggest key a cipher can use is 512 bits…

key-generation luks dm-crypt

asked Jul 13 '20 at 12:54

Hauyz

11
3

0

votes

1 answer

AES-256 ESSIV in dm-crypt

I am playing around with disk encryption. https://gitlab.com/cryptsetup/cryptsetup/-/wikis/DMCrypt#iv-generators says: essiv: "encrypted sector|salt initial vector", the sector number is encrypted with the bulk cipher using a salt as key. The…

linux aes kernel initialisation-vector dm-crypt

asked Jun 10 '20 at 13:10

wtdmn

3
3

0

votes

1 answer

security of cryptsetup(8) luksRemoveKey, feasibility of extracting MasterSecretKey and using it later

I looked at https://crypto.stackexchange.com/a/24024 and it seems to me cryptsetup(8) luksRemoveKey is weak. The situation: I create new LUKS volume, copy stuff into it. I add a new pass phrase, and give (a copy of) the encrypted volume and the new…

disk-encryption luks dm-crypt

asked Mar 11 '19 at 19:40

Z.T.

7,768
1
20
35

0

votes

1 answer

Access encrypted files (dm-crypt/LUKS) through web app

I'm a newbie to encryption issues and I'm trying to sort out a few questions. For a distributed application we need to deploy a server outside of our company with sensitives PDF files on it. That because those files need to be accessed through…

web-application java luks dm-crypt tomcat

asked Nov 07 '16 at 09:23

Nikolai

103
3

0

votes

1 answer

Mapping of encrypted to decrypted blocks in LUKS

Section 2.4 What is the difference between "plain" and LUKS format? of the cryptsetup Frequently Asked Questions says the primary advantage of plain dm-crypt (no LUKS) is: ...high resilience to damage, as one damaged encrypted sector results in…

luks dm-crypt

asked Oct 26 '16 at 12:34

Tom Hale

2,545
3
9
11

Questions tagged [dm-crypt]