On Sun, Jun 04, 2006 at 05:41:46PM +1000, Michael Cassaniti wrote: > Hi, > I have recently posed a question on my Gentoo Linux forum regarding the > strength of LUKS and loop-AES. I want to know which one is more secure > based on its key length. I am no a cryptologist, but I do understand > that AES only has either a 128-bit, 192-bit or 256-bit key length. Each of which quelifies a practically unbreakable until a weakness has been found in AWS or a completely different type of computation device than the ones used today has been decoverd. > I also know that loop-AES in multi-key v3 mode will use 64 keys and a 65th > for the IV. > > What I really would like to know is, when I use a USB stick with LUKS, > will it just be a substitute for the password and only act to encrypt > the master key stored in a key slot on disk, or will it become the > actual master key, allowing several different keys (similar to the > mentioned loop-AES system) to be used? Don't be confused, I don't mean > several different master keys, since this is not possible. > > I am not an advocate of either, and dm-crypt with LUKS is easier to set > up. I just want to use the one that requires the most effort to break. > It seems that dm-crypt with LUKS is only as strong as the password(s) > given, because the master key is of fixed length, and is stored on disk. LUKS would be potentially weaker, if the actual key(s) stored on disk were weak. They are not and the passphrase is the limiting factor. However the same is true for loop-AES. LUKS has the advantage of using some techniques to make weak passwords harder to guess though. > Also, is it possible to gain more sophisticated/advanced information on > the implementation of dm-crypt with LUKS, or just dm-crypt itself? > Information such as modes of use for AES (CBC, ECB, PCBC), length of > master key in bits and similar information would be helpful. Well, a singel google finds you the LUKS homepage as first hit: http://luks.endorphin.org/ Arno > The link to the forum post is: > <http://forums.gentoo.org/viewtopic.php?p=3353555>http://forums.gentoo.org/viewtopic.php?p=3353555 > > Thank you for your time, > Michael Cassaniti > > > --------------------------------------------------------------------- > - http://www.saout.de/misc/dm-crypt/ > To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx > For additional commands, e-mail: dm-crypt-help@xxxxxxxx > -- Arno Wagner, Dipl. Inform., CISSP --- CSG, ETH Zurich, wagner@xxxxxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans Windows is the "under-3" toy of the OS world. -- Matthew D. Fuller --------------------------------------------------------------------- - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
