Hi,

first I should say that the FAQ is sadly out of date with regard to anything TrueCrypt, as I wrote most of it well before TrueCrypt support was added. Feel free to point out anything that needs adjustment, I will eventually find the time to do it ;-)

It should also be said that TrueCrypt format is an "alien" option, in my view primarily for secure data-sharing with Windows. (Milan: If the strategic intention is different, please correct me.) As such, a full comparison or representation as primary format option is probably not a good idea.

On Sat, Apr 13, 2013 at 05:39:00PM -0400, .. ink .. wrote:
> section 2.2 of FAQ talks of differences btw plain and luks volumes. It would
> be nice if the FAQ would also talk of differences btw luks and truecrypt
> since cryptsetup now supports truecrypt volumes.
>
> Two differences I can think of are:
> 1. truecrypt volume header is hidden while luks volume header is open.

Not really. The TrueCrypt headers per default are open. Only if you use the "hidden Volume" option are they hidden and they are not hidden very well, as _that_ seems to be infeasible.

> 2. luks can use up to 8 keys while truecrypt only uses one.

No multiple keys in TrueCrypt? That is a serious limitation.

> 3. luks doesn't support hidden volumes.

Well, yes. Not that they are helping. I know that forensics people now routinely do entropy analysis of unused and used disk space, so these volumes are not very hidden anymore. Not that they were before. Encryption is for access control, not for hiding data. For that use steganography.

> Is there any other? cryptographically, plain volumes seem to be weaker
> compared to luks volumes. what about luks compared to truecrypt?

Plain is at the same strength, but you need a good passphrase.

> since truecrypt also uses a header, assuming the same use cases and with the
> same number of users, will truecrypt volume's header be corrupted at the
> same rate luks headers will?

Well, plain TrueCrypt volumes seem to include header backups (with all the security problems that brings), but not for system encryption. It should also be noted that so far all reported LUKS header and keyslot corruptions were due to user error or in one case distro-installer error (Ubuntu). As Linux treats you like a responsible adult, the option to corrupt your headers is always there. And with TrueCrypt system encryption, it seems about as likely to happen as with LUKS when using Linux. Windows makes everything much harder, including damaging your encrypted volume.

> Also, cryptsetup 1.6.0 added support for opening of truecrypt volumes but
> nothing is currently mentioned on adding support for creating of truecrypt
> volumes. Is the support planned at some point in the future?

I don't think so. See above. Seriously, if you want to create a TrueCrypt volume under Linux, use the TrueCrypt tools, not cryptsetup.

Now, if there is interest, I can add a "TrueCrypt" section to FAQ section 7, maybe even giving a brief discussion of the differences to LUKS.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. --Tony Hoare
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
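The entropy analysis mentioned in the reply above, sketched as an added example (not part of the original mail and not cryptsetup code): it computes per-block Shannon entropy over a disk image and reports runs that look random, which is how ciphertext in nominally unused space stands out. The 4096-byte block size, the 7.9 bits/byte threshold and the sample image are assumptions made for the illustration.

```python
import math
import os
from collections import Counter

BLOCK = 4096  # analysis granularity in bytes (assumed; any block size works)

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def high_entropy_runs(image: bytes, threshold: float = 7.9, block: int = BLOCK):
    """Return (start, end) byte offsets of runs of consecutive blocks whose
    entropy is at or above the threshold, i.e. data that looks random."""
    runs, start = [], None
    for off in range(0, len(image), block):
        if shannon_entropy(image[off:off + block]) >= threshold:
            if start is None:
                start = off          # a random-looking run begins here
        elif start is not None:
            runs.append((start, off))  # run ended at this low-entropy block
            start = None
    if start is not None:
        runs.append((start, len(image)))
    return runs

def build_sample_image() -> bytes:
    """Constructed sample: zeroed free space, a plain-text file, 8 blocks of
    random bytes standing in for ciphertext in 'unused' space, then zeros."""
    text = (b"The quick brown fox jumps over the lazy dog. " * 200)[:2 * BLOCK]
    return bytes(4 * BLOCK) + text + os.urandom(8 * BLOCK) + bytes(4 * BLOCK)

if __name__ == "__main__":
    img = build_sample_image()
    for s, e in high_entropy_runs(img):
        print(f"random-looking region: bytes {s}..{e} ({(e - s) // BLOCK} blocks)")
```

Zeroed space and ordinary text score far below the threshold, so only the random region is reported; compressed files also score high, which is why such a scan flags candidates rather than proving encryption.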