Collaborate Disseminate
I remember about 90% of my password used for encrypting the persistent user data file system (stored as knoppix-data.aes) while setting up Knoppix a few years ago and would now like to explore the feasibility of a dictionary brute-force at… Continue reading Any information on the encrypted Knoppix user data file system (knoppix-data.aes)?
Context
I’m working to make an embedded devices safe against physical access. (publicly accessible device and can be easily stolen)
I already made the following action :
secure boot is enabled on cpu, bootloaded is signed
Image is also si… Continue reading How to safely use dm-crypt as overlayfs uper partition?
Encryption with plain dm-crypt is often positioned as encryption that cannot be recognized. But is it really so? Are there ways to prove that the data is encrypted with plain dm-crypt? How to bypass these methods?
When I use only a passphrase in LUKS for my whole system partition encryption, so I need to insert a password to decrypt my system partition to boot up my OS, is this unsecure and can it be cracked with brute force if someone stole the lap… Continue reading Is it unsecure to use only a passphrase in luks for whole system partition encryption?
I created luks2 device with default options which used aes-xts with 512b key size.I figured out that 256b is somewhat faster than 512b from benchmarks. So, I just want to use 256b but not sure if it’s possible or not using cryptsetup comma… Continue reading is it possible to change luks2 –key-size from 512b to 256b without losing data?
I want to use cryptographic integrity checking in Linux. Naturally, I measured performance of different implementations on my computer in order to choose the best. The block device is in tmpfs, in other words, RAM. Hence the performance is… Continue reading Reading is much faster than writing with AEGIS-128
I am trying to encrypt one of my primary Linux partition (5GB) by following this example to encrypt.
I want to confirm some of my understandings:
Salt is automatically generated by cyrptsetup with luks?
–iter-time and –hash only affects… Continue reading dm-crypt 2.0.3 + luks: salt auto-generated? what affects decryption speed?
Most of the online guides I found about using dm-crypt with a random keyfile use files bigger than 512 bits (64 bytes).
For example:
dd bs=512 count=4 if=/dev/urandom of=keyfile iflags=fullblock
As the biggest key a cipher can use is 512 … Continue reading Is there any added benefit to using a random keyfile of more than 512 bits?
I’ve been looking to purchase a new laptop and I need to have security in mind. I’ve specifically been looking for laptops with discrete or integrated TPM because it’s been my understanding that TPM would improve disk encryption security, … Continue reading How safe is dm-crypt/LUKS? Would TPM make me more secure in this case?
I am playing around with disk encryption. https://gitlab.com/cryptsetup/cryptsetup/-/wikis/DMCrypt#iv-generators says:
essiv: “encrypted sector|salt initial vector”, the sector number is encrypted with the bulk cipher using a salt as k… Continue reading AES-256 ESSIV in dm-crypt