On Fri, Nov 29, 2013 at 01:08:25 CET, Claudio Moretti wrote: > Forgot to hit "reply to all". Forwarding to the list. > ---------- Messaggio inoltrato ---------- > Da: flyingstar16@xxxxxxxxx > Data: 29/nov/2013 00:06 > Oggetto: Re: Cascading two plain dm-crypt volumes > A: anderson jackson <thewizard@xxxxxxxxxxxx> > Cc: > > > Il 28/nov/2013 23:32 "anderson jackson" <thewizard@xxxxxxxxxxxx> ha scritto: > > > > Hello, > > > > I have a small question regarding luks and plain dm-crypt, and I am unsure > > what to use. > > > > I feel that the advantages provided by Luks obviously offers extra > security > > compared to plain, however I feel uneasy about the obviousness of the fact > > that the drive is encrypted. Mainly because a disk with just random data > could > > have been wiped instead of encrypted. I would like the extra security > provided > > by luks without it being obvious that the disk is encrypted. To combat > this I > > was thinking about doing a cascade of two identical ciphers in plain mode > > I may be mistaken, but (a) if you're using plain mode, there is no > indication that the disk is encrypted; from the FAQ > > "Plain format is just that: It has no metadata on disk, reads all > parameters from the commandline (or the defaults), derives a master-key > from the passphrase and then uses that to de-/encrypt the sectors of the > device, with a direct 1:1 mapping between encrypted and decrypted sectors." Correct, but incomplete. There is also no indication that the disk is _not_ encrypted. Remember than often, if there is initial suspicion, you will have to prove your innocence. > And if you're worried about the fact that if a hacker gets you password > right he will be able to decrypt your disk, there is no guarantee that it > can happen twice. True, the probability get extremely reduced, but AFAIK > current estimates say that to crack AES128 you need 30 years of continuous > computing, so... Depends entirely on passphrase quality, see FAQ Item 5.1. If an attacker guesses that there will be some non-random data at the start (the LUKS header), breaking both encryptions is just as hard as breaking the LUKS one, if bothe pass-hrases are of similar quality. The plain mapping will be about 100'000 times easier, as it does not iterate the hash. > If instead you meant two cascaded luks partition, you still need the luks > identifier in the "inner" partition so an attacker would know when your > partition is open because the luks header of the partition will be in > plaintext. If I understood this right, it is plain(luks(data)) > All of this is to the best of my actual knowledge, if I got something > wrong, please correct me. See above. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. --Tony Hoare _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
