Thread replies: 12
Thread images: 2
Thread images: 2
Anonymous
losetup + AES vs. LUKS 2017-02-15 07:53:32 Post No. 58960854
[Report] Image search: [Google]
losetup + AES vs. LUKS 2017-02-15 07:53:32 Post No. 58960854
[Report] Image search: [Google]
File: key-icon-4.png (25KB, 1024x1024px) Image search:
[Google]
25KB, 1024x1024px
What's more secure?
losetup with AES?
or LUKS?
LUKS has headers which draws attention if you're trying to steg it.
AES by itself doesn't have any headers at all
Are there any reasons to NOT use losetup and AES as opposed to LUKS? Ease of use is not a factor.
>>
>>58960854
You just compared encryption algorithm to a program, nice.
LUKS supports detached headers.
>>
>>58960913
yeah I'm comparing the method though. I guess the detached header is an option.. Seems kind of silly to have to look after a header file also. Guess i could encrypt the header file then. Trying to keep them in the same place. On a dvd.
>>
>>58961000
So just use dm-crypt in plain mode. Problem solved, several others created.
>>
>>58961022
Yep. Just seeing that now. Should have googled better. Didn't realize you could throw the headers out of the equation entirely using cryptsetup
>>
>>58961043
The problem is, it's as inflexible as it gets.
With LUKS, you can have multiple keys/passphrases, effortlessly change them, all because what they do is just unlock the secret key that decrypts the data. With plain mode you have a single key and that's it. If you want to change it, you have to re-encrypt the whole drive.
On the other hand, plain mode is more resistant to corruption. If the LUKS header gets corrupted, it's game over. That never happened to me, though.
Also, run "cryptsetup benchmark" before encrypting to see how different cyphers and block modes perform. AES-XTS is probably going to be the fastest, since it's commonly accelerated by CPU extensions. Don't forget that XTS splits the key in half, so you need a 512 key to do 256 AES with it.
>>
>>58961022
What types of problems can you see if this is a read only situation?
>>
>>58961193
Interesting, thanks for the info. Extremely helpful.
>>
Two cases :
1. AES is broken -> hiding your partition by not having a LUKS header isn't security, and anyone not stupid will guess that this big random chunk is encrypted. Game over.
2. AES is not broken -> you absolutely don't give a shit about your header. The data is safe anyway.
Just use LUKS. Trying to hide an encrypted volume is nonsense.
Also, LUKS probably has more scrutiny and uses proper password hashing and mode of operation. losetup seems to se a really dump encryption method which is likely not secure. But I may be mistaken on this one.
Conclusion : USE LUKS.
>>
Typo : dumb*.
Also, forget to mention : USE A FUCKING LONG RANDOM PASSWORD OR NOTHING WILL SAVE YOU.
>>
File: 1471167972720.jpg (74KB, 500x728px) Image search:
[Google]
74KB, 500x728px
>>58961193
>Using any NIST cipher
LUKS/dm-crypt is one of the most secure implementations available, though. The only other one I would trust is geom_eli.
>>
>>58961349
>Not knowing anything about crypto
Do you think the USG is using broken encryption just because it helps them spy on others ? The DUAL_EC fiasco was because they could manipulate constants, there's nothing of the sort in symmetric ciphers ; and they broke it because they didn't use it or recommend it to govt agencies. AES is fucking safe unless you come with serious proof, and using other ciphers is retarded as they have less scrutiny and are slow as hell compared to AES-NI.
Thread posts: 12
Thread images: 2
Thread images: 2