Re: Cascading two plain dm-crypt volumes

Forgot to hit "reply to all". Forwarding to the list.

---------- Forwarded message ----------
From: flyingstar16@xxxxxxxxx
Date: 29 Nov 2013 00:06
Subject: Re: Cascading two plain dm-crypt volumes
To: anderson jackson <thewizard@xxxxxxxxxxxx>
Cc:


On 28 Nov 2013 23:32, "anderson jackson" <thewizard@xxxxxxxxxxxx> wrote:
>
> Hello,
>
> I have a small question regarding luks and plain dm-crypt, and I am unsure
> what to use.
>
> I feel that the advantages provided by Luks obviously offer extra security
> compared to plain, however I feel uneasy about the obviousness of the fact
> that the drive is encrypted. Mainly because a disk with just random data could
> have been wiped instead of encrypted. I would like the extra security provided
> by luks without it being obvious that the disk is encrypted. To combat this I
> was thinking about doing a cascade of two identical ciphers in plain mode

I may be mistaken, but (a) if you're using plain mode, there is no indication that the disk is encrypted; from the FAQ:

"Plain format is just that: It has no metadata on disk, reads all parameters from the commandline (or the defaults), derives a master-key from the passphrase and then uses that to de-/encrypt the sectors of the device, with a direct 1:1 mapping between encrypted and decrypted sectors."

And if you're worried about the fact that if a hacker gets your password right he will be able to decrypt your disk, there is no guarantee that it can happen twice. True, the probability gets extremely reduced, but AFAIK current estimates say that to crack AES128 you need 30 years of continuous computing, so...

If instead you meant two cascaded luks partitions, you still need the luks identifier in the "inner" partition, so an attacker would know when your partition is open because the luks header of the partition will be in plaintext.

All of this is to the best of my actual knowledge, if I got something wrong, please correct me.

Cheers,

Claudio

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
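
The difference discussed in the message above, between a LUKS header that identifies itself and a plain-mode volume with no on-disk metadata, as an added example that is not part of the original post and is not cryptsetup code. It assumes the LUKS1 on-disk layout (6-byte magic, 2-byte big-endian version, then 32-byte cipher, mode and hash fields); the function names are hypothetical and all sample sectors are constructed.

```python
import hashlib
import math
import struct
from collections import Counter

LUKS_MAGIC = b"LUKS\xba\xbe"  # magic at offset 0 of a LUKS1/LUKS2 primary header


def inspect_header(sector: bytes) -> dict:
    """Report what the first bytes of a device reveal without any key."""
    if len(sector) < 8 or sector[:6] != LUKS_MAGIC:
        return {"format": "no LUKS header"}
    (version,) = struct.unpack(">H", sector[6:8])
    info = {"format": f"LUKS{version}"}
    if version == 1:
        # LUKS1 keeps cipher name, mode and hash as NUL-padded ASCII in the clear.
        for name, off in (("cipher", 8), ("mode", 40), ("hash", 72)):
            info[name] = sector[off:off + 32].split(b"\0", 1)[0].decode("ascii", "replace")
    return info


def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte histogram (8.0 means uniformly random)."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())


def pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic stand-in for ciphertext or a random wipe (constructed data)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]


def sample_luks1_sector() -> bytes:
    """Constructed 4 KiB block that starts like a LUKS1 header."""
    fields = [b"aes", b"xts-plain64", b"sha256"]
    head = LUKS_MAGIC + struct.pack(">H", 1) + b"".join(f.ljust(32, b"\0") for f in fields)
    return head + pseudo_random(4096 - len(head), b"luks-rest")


if __name__ == "__main__":
    for label, data in (("LUKS1 volume", sample_luks1_sector()),
                        ("plain dm-crypt volume", pseudo_random(4096, b"plain")),
                        ("random-wiped disk", pseudo_random(4096, b"wipe"))):
        print(f"{label}: {inspect_header(data)}, {entropy_bits_per_byte(data):.2f} bits/byte")
```

The plain-mode and wiped samples both report no header and near-8 bits/byte, so this check cannot tell them apart, while the LUKS1 sample discloses its format and cipher parameters.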
