7
1
I'm not a an expert in cryptography, but I've read the project's faqs.
How is LUKS dm-crypt secure if the key is stored with the encrypted data? To me, this seems like hanging a door key on the door it locks. Is a passphrase enough to secure it?
And a continuation: If it is secure to keep the key with the encrypted partition/container, am I correct in assuming that LUKS header backups can also be treated as normal files and not secret data?
Note: You could also use LUKS in detached-header mode; then you can treat the header file as secret, and the entire partition will look like random date to an attacker, unless they somehow obtain your header file or break the symmetric cipher. – mic_e – 2014-11-05T04:06:37.233
going meta a bit: should I have posted this question over at crypto.stackexchange.com? – Sam Parker – 2014-02-20T16:46:09.517