IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [luks]

LUKS (Linux Unified Key Setup) is a disk-encryption specification.

LUKS (Linux Unified Key Setup) is a disk-encryption specification. It is the standard for Linux hard disk encryption. LUKS stores all setup necessary setup information in the partition header, enabling the user to transport or migrate his data seamlessly.

Website: https://code.google.com/p/cryptsetup/

Wikipedia: https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup

142 questions
91
votes
2 answers

How secure is Ubuntu's default full-disk encryption?

How secure is the encryption offered by ubuntu (using the disk utility)? What algorithm is used underneath it? If someone could at least provide a link to some documentation or article regarding that I would be very grateful. Reference:
Jonnathan Soares
  • 1,021
  • 1
  • 8
  • 7
51
votes
5 answers

Are there any reasonable TrueCrypt forks?

Unfortunately, TrueCrypt may have been discontinued yesterday. I use LUKS on Linux, but I liked the fact that with TrueCrypt I had a portable solution across Windows, Mac, & Linux. TrueCrypt has its own license, but it was Open Source. Are you…
Michał Šrajer
  • 4,154
  • 4
  • 18
  • 21
48
votes
4 answers

Aren't keyfiles defeating the purpose of encryption?

I just added a drive to my system which is basically a partition mounted for extra storage. I'd like to encrypt it to protect my data in case of god knows what, and by doing that I'd need to enter the passphrase every time to unlock the partition. I…
php_nub_qq
  • 787
  • 1
  • 6
  • 13
28
votes
2 answers

Right way to use the TPM for full disk encryption

I'm currently setting up a BitLocker equivalent using a TPM and LUKS. I've got the basics right and I'm able to measure the boot process and seal the FDE key using the TPM. Every time the sensitive parts (firmware, bootloader, kernel) are updated…
André Borie
  • 12,706
  • 3
  • 39
  • 76
27
votes
2 answers

Recommended options for LUKS (cryptsetup)

I'm looking for recommended options for cryptsetup to create fully encrypted SSD (SanDisk SSD U100 128GB), which achive: Timing O_DIRECT disk reads: 1476 MB in 3.00 seconds = 491.81 MB/sec Timing buffered disk reads: 1420 MB in 3.00 seconds =…
Artur Szymczak
  • 463
  • 1
  • 5
  • 8
26
votes
3 answers

For LUKS: The most preferable and safest cipher?

I'm about to encrypt two of my hard drives using LUKS, since I can't really do it myself I use the guide on the Arch Linux wiki (which can be found here). In an example in the guide the cipher specified is aes-xts-plain with a 512-bit key size. Is…
Peter
  • 261
  • 1
  • 3
  • 3
26
votes
5 answers

What does LUKS header contain?

What is contained inside the LUKS header? I know, the header has size of 2MB. Also, cryptsetup supports "detached header", where the header can be stored in a separate file. Thus, for example, I can format luks device and specify detached header in…
Martin Vegter
  • 1,826
  • 4
  • 27
  • 39
19
votes
3 answers

Is LUKS still an effective option for consumer FDE considering Elcomsoft can break it?

I use Fedora Linux and was recently looking into doing Full Disk Encryption on data drives such as /home on some of my / my family's PCs. I understand that LUKS security will be partially dependent on having strong passwords and not doing very…
zpangwin
  • 321
  • 2
  • 9
16
votes
2 answers

Does LUKS protect the filesystem integrity?

I have read in: http://css.csail.mit.edu/6.858/2013/readings/bitlocker.pdf that Bitlocker does not provide data integrity since it takes more space in the disk. The PDF says also that drive encryption systems do not offer integrity of the stored…
BrunoMCBraga
  • 466
  • 4
  • 12
13
votes
3 answers

LUKS, how to make strongest possible and reasonable passphrase?

Let us say I have a volume encrypted under LUKS with a 512-bit key. That would mean there are 2 ^ 512 possible values which the key may be. Now I need a passphrase which is at least as resistant to brute force as the actual 512-bit volume…
Radmilla Mustafa
  • 1,018
  • 3
  • 10
  • 12
12
votes
1 answer

Using TPM with well-known SRK/owner passwords?

First, I will explain roughly how I plan to use the TPM: I am using something called tpm-luks which stores a key in both TPM NVRAM and adds the key to one of the LUKS keyslots. The initramfs then decrypts the root LUKS-encrypted partition using the…
mmtauqir
  • 281
  • 3
  • 9
9
votes
2 answers

Filling the disk with random data prior to encryption?

Filling the disk with random data prior to encrypting it will supposedly make it harder for the attacker to perform any cryptanalysis. Most sources seem to state this is because it will be harder for the attacker to determine what data is actually…
ioctlvoid
  • 405
  • 4
  • 10
9
votes
1 answer

Automatically Open LUKS Container on System Boot in a safe manner

I have a linux system running at a cloud provider where I created an encrypted container using LUKS to store personal data. The encrypted container is manually mounted at /srv; the rest of the system is unencrypted so that the server and especially…
phisch
  • 1,305
  • 10
  • 14
9
votes
3 answers

access to mounted luks partition by non-root user

Recently I searched substitute for truecrypt and played a bit with cryptsetup. The steps I did: mkfs -t ext4 /dev/sdb1 sudo cryptsetup open --type luks /dev/sdb1 enc_vol sudo mount /dev/mapper/enc_vol /mnt After that I (non-root user) can chdir…
NIkolay Smirnov
  • 91
  • 1
  • 1
  • 3
7
votes
2 answers

Can BTRFS provide authentication on an encrypted disk?

One of the problems of disk encryption is providing authentication. An attacker with access to the ciphertext can modify the ciphertext at will without consequence. Given, this isn't a likely attack, but nevertheless a possible one. An interesting…
Naftuli Kay
  • 6,715
  • 9
  • 47
  • 75
1
2 3
9 10