On 08/23/2012 09:34 PM, Arno Wagner wrote: >> Well, you can have detached LUKS header on USB flash disk (optionally >> with the whole boot partition) for example. > > That is not really a good idea. LUKS on Flash/SSD may not work > as intended. I just added an entry for that to the FAQ (5.17). > For some scenarios, plain dm-cryp is just the way to go. > Of course, it requires some understanding, e.g. a high-entropy > passphrase is a must. (Where do you want to store that high-entropy passphrase? I guess most of people will use... USB disk?) Well, I think it is not that simple. You MUST HAVE high-entropy passphrase in plain dmcrypt because encryption key is directly computed (hash) from it. Too easy for people to do this step wrong, which causes worse problems than flash disk problems. (Moreover, strandards like FIPS140 explicitly forbids any encryption key derived directly from passphrases.) LUKS uses kernel RNG to generate encryption key, always. There is currently a lot of effort to ensure that /dev/urandom cannot produce weak data even in extreme situations. One problem is safe manipulation with keyslot on device, the second is separation of metadata information (LUKS keyslots in this case) from data device. (Dictionary attack is not possible for LUKS device if header is not available, but it is possible for plain dm-crypt with weak passphrase.) I have several notes to this disk/flash/SSD and will post it as separate mail... But anyway, it all depends on threat model. If it is only about securing data when laptop is stolen, no problem to use SSD or flash disks. This should be mentioned IMHO because it is most common use case. Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
