Hello, I have a small question regarding luks and plain dm-crypt, and I am unsure what to use. I feel that the advantages provided by Luks obviously offers extra security compared to plain, however I feel uneasy about the obviousness of the fact that the drive is encrypted. Mainly because a disk with just random data could have been wiped instead of encrypted. I would like the extra security provided by luks without it being obvious that the disk is encrypted. To combat this I was thinking about doing a cascade of two identical ciphers in plain mode, in this case AES because the AES-NI acceleration will severely limit the performance penalty of cascading two ciphers, I had the following setup in mind: first step: cryptsetup –-cipher=aes-xts-plain –-offset=0 –-key-size=512 open –-type=plain /dev/sdx cascade1, with the first independend password. Second step: cryptsetup –-cipher=aes-xts-plain –-offset=0 –-key-size=512 open –-type=plain /dev/mapper/cascade1 cascade2, with the second independed unrelated password. Third step: nwipe --rounds=1 --noblank --prng=twister --method=random /dev/mapper/cascade2, this will fill the last block device with random data to completely fill up the entire disk. Fourth step: format the last block device with ext4. My theory then is, that even when an attacker finds the first passwords, he will never know he has because the result will be random just as with a wrong password. In fact all possible passwords will result in random data. The attacker has no way of knowing if there are cascades and how many. Am I right to come to this conclusion or should I stick with luks and deal with it being an obvious encrypted disk? Kind regards. ____________________________________________________________ South Africas premier free email service - www.webmail.co.za Save 25% on insurance – Dial Direct http://www.dialdirect.co.za/smart-gets-a-tomtom?vdn=15752 _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
