Why is the AESni flag missing for my i5 CPU
My CPU is reported by Intel to support the AES-NI native instructions. http://ark.intel.com/products/65707 However, /proc/cpuinfo does not list the aes flag (which is what I guess is preventing me from...
View Articledm-crypt (no LUKS) passphrase entry on boot — twice [on hold]
When booting using my dm-crypted root partition, dm-crypt asks me for passphrase entry twice (once for verification): A passphrase is required to access volume sda1. I don’t want to enter my passphrase...
View ArticleHow to open multiple LUKS volumes with key entered in initramfs?
I have a Debian 7.4 (stable) based server configured to use an encrypted (RAID1 + LVM) root partition (/boot is un-encrypted regular partition) to which I installed dropbear SSH server so I can...
View ArticleHow much storage overhead comes along with cryptsetup and ext4?
I want to encrypt the content of a directory in a container with an ext4 filesystem using cryptsetup. The size of the container should be as small as possible and as big as necessary, because I only...
View ArticleFilesystem types for encrypted partitions
I wish to encrypt two external hard drives using dm-crypt/LUKS for whole-disk encryption. I want one hard drive to have an ext4 filesystem for Linux use only, and the other to have an NTFS filesystem,...
View ArticleEncrypted offsite storage using sshfs and cryptsetup/dm-crypt/LUKS
I’m interested in an encrypted offsite storage scheme, but I don’t want to depend on the vendor for encryption. I have an idea for doing so by combining sshfs with cryptsetup/dm-crypt/LUKS, but I’d...
View ArticleHow to restore an LVM container to a bigger physical partition?
The setup is an encrypted LVM container/PV that holds a few ext4 partitions. I am moving these to a new machine, but there is more room on the disk. So, I have created a bigger encrypted LVM...
View ArticleCloning a root partition onto a dm-crypt encrypted one
I have Gentoo Linux installed on a 25.93GB/62.43GB partition /dev/sda4. The other partitions on the disk are 150MB /boot on /dev/sda1 and 56,66GB unused space on other two partitions. I am planning to...
View ArticleWhy is plain dm-crypt only recommended for experts?
I am curious about the following claim from the Cryptsetup FAQ: 2.4 What is the difference between “plain” and LUKS format? First, unless you happen to understand the cryptographic background well, you...
View ArticleIs full disk encryption on a server in a secure data center pointless?
I am having a debate with several people regarding how much protection full disk encryption provides. dm-crypt is being used to encrypt data which is required by my company to be encrypted at rest. The...
View ArticleIs it safe to mount luks over cifs?
I have a server with a .img file this is encrypted with luks(aes-256,plain64,xts,sha512) Is it safe to mount this image over cifs(samba), or does doing so risk exposing the volume password or master key?
View ArticleAttacks on encrypted computer?
I think we all know the fact that boot-harddrives can be encrypted. Windows usually uses Bitlocker (relying on AES-CBC) and Linux / Unix usually uses dm-crypt (relying on AES-CBC) and the rest of the...
View ArticleMassive disk corruption on Ubuntu 15.10 with dm-crypt + LUKS full disk...
I suspect there’s a bug in Ubuntu’s default whole disk encryption setup. Here’s what happens, repeatably: I make a fresh install, Ubuntu 15.10 with whole disk encryption, overwriting the whole disk It...
View Articlewhat does LUKS header contain?
What is contained inside the LUKS header ? I know, the header has size of 2MB. Also, cryptsetup supports “detached header”, where the header can be stored in a separate file. Thus, for example, I can...
View ArticleIs plain dm-crypt equal to headerless LUKS?
If I use LUKS encryption provided --header=<file> option, will it be equivalent to using dm-crypt in terms of plausible deniability or will there still be a way to tell that the given partition...
View Articleaccess to mounted luks partition by non-root user
Recently I searched substitute for truecrypt and played a bit with cryptsetup. The steps I did: mkfs -t ext4 /dev/sdb1 sudo cryptsetup open --type luks /dev/sdb1 enc_vol sudo mount /dev/mapper/enc_vol...
View Article