IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [luks]

LUKS (Linux Unified Key Setup) is a disk-encryption specification.

LUKS (Linux Unified Key Setup) is a disk-encryption specification. It is the standard for Linux hard disk encryption. LUKS stores all setup necessary setup information in the partition header, enabling the user to transport or migrate his data seamlessly.

Website: https://code.google.com/p/cryptsetup/

Wikipedia: https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup

151 questions
5
votes
1 answer

Does mounting a LUKS partition authenticate it?

Can I be sure that the (unencrypted) contents of my LUKS volume were not tampered with if it accepts my passhprase on an otherwise trusted system? In other words, can an attacker with access to my encrypted LUKS partition create another encrypted…
matega
  • 379
  • 1
  • 8
4
votes
2 answers

Does it makes sense to change the LUKS password in every 90 days?

Linux, NetBSD, etc. can be installed with LUKS, so besides the /boot, all other FS will be encrypted. Probably the kernel needs to be booted before the password prompt gets to the user. The LUKS password My question: Does it makes sense to change…
evachristine
  • 633
  • 5
  • 9
2
votes
0 answers

How to secure remote console LUKS passphrase entry?

Say I have a Linux server running on my own metal and wish to encrypt the hard drive using LUKS. After a power failure, how can I enter my passphrase remotely without compromising it?
sunknudsen
  • 219
  • 1
  • 12
2
votes
2 answers

Is deleting LUKS keys during operation a good way to protect my data?

Let's say Alice owns a server that stores highly sensitive data. Let's further assume the data is worth a lot, but losing all data is way less of a problem than having it read by attacker Mallet. To have the data safe in normal operation, all the…
RenWal
  • 53
  • 6
1
vote
0 answers

Would using an interation count greater than 1 with a random keyfile of length greater than the master key be of any benefit?

If I were to have a 4096-bit file of random data (/dev/random) used as a keyfile for LUKS, would there be any benefit to having a key iteration count higher than 1? My reasoning is that the attacker could choose to guess the contents of the 4096-bit…
Siddu
  • 11
  • 1
1
vote
1 answer

Does changing the keyfile of a LUKS volume after opening it increase key security?

Assuming there is a LUKS volume that uses a keyfile and the keyfile is autogenerated before opening the volume and deleted after use, does changing the keyfile prevent it from being stolen from the RAM in this scenario? Creating the LUKS volume…
pwnd
  • 103
  • 5
1
vote
1 answer

Forget LUKS password after mounting or lock LUKS partition when unmounted

When I unmount a LUKS partition using Nautilus, it gets unmounted and locked. Using the command-line, I have to: sudo cryptsetup luksClose encrypted_volume after unmount, otherwise, re-mounting the unlocked volume is possible. Can I make the…
Quora Feans
  • 1,891
  • 1
  • 12
  • 20
0
votes
1 answer

Is there any security risk with a LUKS-encrypted hard drive being improperly unmounted?

I have a portable harddrive that is encrypted with LUKS. On a computer I use it on, the computer bugs out sometimes and won't let me unmount it correctly. If the computer is powered off without a shutdown, or if the mounted HD is simply unplugged,…
Kefka
  • 135
  • 4
0
votes
2 answers

LUKS HDD Encryption crack

I need help. I actually encrypted two mouths ago my external HDD with LUKS but know i have lost my password. I am so depressed because, all of my life is on this HDD. Is there any possibility to get back my files: i think i almost know the…
Bernard
  • 11
  • 1
  • 3
0
votes
1 answer

When using LUKS, which parts of the hard disk are not encrypted?

Due to stories like the following: https://hackerone.com/news/pink-panther (forced at airport customs to decrypt laptop) being more and more frequent, I thought of the following. What if you simply travel with a laptop where you encrypted the…
sukosevato
  • 461
  • 3
  • 6
0
votes
1 answer

luks increase delays between password attempts

From what I understand, argon provides a delay between password attempts. Does luks allow increasing or reducing the delay?
CarriMegrabyan
  • 1
0
votes
0 answers

How to find the encrypted master key in LUKS header

One assignement of my teacher is driving me crazy because I don't think I'm that far from the solution but I still can't get it so I hope someone will be able to help me figure it out. Assignment The assignment in short is as follow : create a LUKS…
Ripitchip
  • 1
  • 1
0
votes
1 answer

Is the following protocol a good method for encrypting a non-OS hdd?

I find the following somewhat confusing, but it doesn't have many steps. Is this a solid method for encrypting a hdd with LUKS? Here’s the process in few steps: Create a LUKS partition cryptsetup luksFormat --hash=sha512 --key-size=512…
topencrypt
  • 13
  • 5
0
votes
1 answer

dmcryt_write process in TOP but no WRDSK indicated

I am using LUKS over RAID0. I have executed cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha256 --iter-time 2000 --use-urandom --verify-passphrase luksFormat /dev/md0 Everything shows me that the partition is LUKS protected…
akira2x3x
  • 133
  • 2
  • 6
-1
votes
1 answer

LVM on LUKS implementation

LVM on LUKS is the only secure option for encrypting a Linux/Ubuntu USB system. If someone gets access to an unencrypted USB that's not LVM on LUKS they know what it is and what's on it. However LVM on LUKS is not easy to implement, so would anyone…
Caleb
  • 1