security of cryptsetup(8) luksRemoveKey, feasibility of extracting MasterSecretKey and using it later

I looked at https://crypto.stackexchange.com/a/24024 and it seems to me cryptsetup(8) luksRemoveKey is weak.

The situation:

I create new LUKS volume, copy stuff into it.
I add a new pass phrase, and give (a copy of) the en… Continue reading security of cryptsetup(8) luksRemoveKey, feasibility of extracting MasterSecretKey and using it later

Are multiple encrypted containers with the same passphase containing the same files a cryptographic risk?

Situation as follows:

Let’s assume two (or more) containers, encrypted using the same passphrase.
They will contain the same files. So their content is identical.
However, the containers themselves aren’t identical files – … Continue reading Are multiple encrypted containers with the same passphase containing the same files a cryptographic risk?

Does full disk encryption offer mitigation in the case of the firmware of an SSD being compromised?

Suppose the firmware of an SSD or HDD has been compromised by rogue actors either through “interdiction” (interception) or via the internet. They are able to exfiltrate data and conduct surveillance at will without my knowled… Continue reading Does full disk encryption offer mitigation in the case of the firmware of an SSD being compromised?