Why would you use this when there is LUKS? >there are users

I use LUKS on Linux, veracrypt on windows.

>>62277697
defend your position then, bikeshed shitpost idiot

>>62277697
Because it's easy to use and just works.

File: matkalippujen tarkastus.png (108KB, 331x351px) Image search: [Google]

108KB, 331x351px

>>62277697
does luks have a gui for stuffs?

>>62277697
I thought vera was compromised

>encrypting drives

Wannabe infosec snowden acolytes

>>62278428
Yes. You can create a LUKS encrypted partition in gnome disk utility (and change passwords of existing partitions). A lot of distributions give you the option of encrypting in the installation wizard.

>>62277878
LUKS is better and has been around a long time. It is also on open source operating systems. Never understood why people encrypt on closed source Windows because the OS is a higher level.

LUKS is easy and just works.

>>62277697
>shilling LUKS
Fuck off, CIA.

>>62277697
Will use luks when it's on Windows. Don't want to use a non-functioning od just to play tinfoil. I have no cp to hide.

>>62278456
You don't encrypt your laptop?
What will you do when Tyrone takes it and your personal data?

>>62279028
I don't know anyone by that name

>>62279075
You mom/sister/g̶i̶r̶l̶f̶r̶i̶e̶(yeah nah)/boyfriend does though.

>>62279016
>when it's on Windows
>when Linux Unified Key Setup is on Windows

>>62277697
why would i use it

tell me your avreage Joe what is such a pro that I should use full operating system encryption

>>62277697
>there are users on /g/ that don't do full operating system encryption
Fuck you nigga, I used full disk encryption with veracrypt and luks. both of them fucked me over. veracrypt kept telling me my password is incorrect even though it wasn't, i even tried to restore the master key or w/e the fuck it is called using the recovery disk. guess what? IT NEEDS YOUR PASSWORD WHICH IS WRONG, EVEN THOUGH IT'S NOT! FUCK THAT JEW SHIT. LUKS IS FOR KEKS.

/THREAD

HEIL HITLER

>>62278446
Nope. It passed audit.

>>62280644
>strikethrough
HOW?

>>62277697
luks and dm crypt are pain to use if you want a non standart setup

I wanted to have a separate bootloader on a removable media and was unable to so because its a feature but its almost undocumented
This is piss easy with truecrypt (only on windows though, linux version doesnt have this)
I assume same is for veracrypt( I went with satandart luks in the end and havent actually used veracrypt)

>>62278456
>Please, come steal my info, I have nothing to hide!

>>62280812
̶L̶i̶k̶e̶ ̶t̶h̶i̶s̶,̶ ̶y̶o̶u̶ ̶P̶u̶s̶s̶y̶-̶F̶a̶g̶g̶o̶t̶-̶N̶i̶g̶g̶e̶r̶!̶

Why not both? Disk encryption with luks, usb and special files vera. or better yet tomb.

How to full disk encryption with dual-boot? Help me anons!

>>62277697
Because when I installed openSUSE with full disk encryption it was a buggy piece of shit. For example, I noticed I couldn't install packages because it told me I have no space left, even though I had plenty of GBs, there were problems with mounting encrypted partitions, etc... Thanks, no, I will use VeraCrypt that I trust and has never failed me.

VeraCrypt gives you plausible deniability with its hidden containers.

>>62279075
you don't have to know Tyrone, Tyrone knows about your sweet Laptop and just sees some bucks in it, he simply doesn't care about who you are, he just wants to steal.

>>62280909
Are both Linux/BSD?

What's the point of encrypting your disk if the hardware spyware in your CPU just reads your key from memory and sends it to the NSA

File: 9fe69ef6f0fa2553de73d4a47e143eebd01c08f44c8d0f527c727ee595aac9e8.jpg (33KB, 433x480px) Image search: [Google]

33KB, 433x480px

>>62277697
I use VeraCrypt because it's based on the TrueCrypt codebase, it's security was proven in U.S. federal court. The feds were unable to break the encryption on some degenerates laptop. Plus it has undergone a security audit and all issues found were fixed.

LUKS/dm-crypt has hardly any documentation at all and most installers don't let you change the options, hell they don't even inform you what default options they're using so you have no idea if Ubuntufagdevs or Fedorafagdevs have any fucking idea about secure encryption settings and standards.

VeraCrypt supports cascading algorithms, LUKS/dm-crypt doesn't.

Anyone that uses LUKs is a tard.

>>62277697
LUKSI use for FDE encryption of my private nonillegal data.
>just works
>theftproof

Veracrypt allows for plausible denieability of any data.
>more secure
>no proof there's a hidden partition

>>62280767
SIEG HEIL

>>62277697
The speed of LUKS vs Veracrypt system encryption cannot be compared, on windows it takes me about 20 seconds to decrypt and then it starts the boot process, on LUKS it takes about 5 seconds.

anyways, you cannot use VeraCrypt in Linux for system encryption simply because LUKS is superior in every way.

>>62281871
No

>>62282050
Two reasons: Tyrone and Ivan.

>>62282293
LUKS does not have plausible denieability

>>62280767
maybe your password really was wrong

>>62282328
Check out DeLUKS
I remember that it can have multiple hidden volumes, not just 1 with VeraCrypt

>>62280812
>H̶e̶ ̶c̶a̶n̶'̶t̶ ̶d̶o̶ ̶b̶a̶s̶i̶c̶ ̶s̶t̶r̶i̶k̶e̶ ̶t̶h̶r̶o̶u̶g̶h̶ ̶
W̶h̶a̶t̶ ̶a̶ ̶p̶l̶e̶b̶

>>62282085
Even the default options are strong enough. You can check after install what cipher was used. Just use the man page for cryptsetup.

>>62282328
>>62282174
Plausible deniability is a meme. They'll still know there's something there because of random data. No one will believe you just filled the hard drive with random data; they'll know it must be encrypted.

Don't have a hidden volume? Too bad. They'll beat you to death for giving them some decoy operating system that seems rather underused.

File: jiFfM.jpg (67KB, 750x600px) Image search: [Google]

67KB, 750x600px

>>62282817
>check after install

>>62282855
>not testing out various distributions in virtual machines
>not knowing you can actually make an encrypted partition with your security options in the live cd through terminal and then trick the installer in using that

>>62277697
>rape your SSD to encrypt shit no one gives a fuck about

loonixfags are so fucking bored and their time is so fucking worthless, holy shit

>>62277697
I don't know how VeraCrypt compares to LUKS however I do know that lucks fucking sucks.

>no integrity check
>doesn't allow you to use chacha20 nor ctr mode
ZFS and bcachefs are better for encryption.

>>62278598
Post your reasoning. Why do you believe that LUKS is compromised?

>>62280767
>fucked his password
>blames veracrypt
And what is your story iwth LUKS?

>>62280812
[ s]Like this[ /s] (without the spaces)
̶L̶i̶k̶e̶ ̶t̶h̶i̶s̶

>>62283222
>>rape your SSD
???

>>62283222
Even trips won't save your clueless attempt to be less stupid than you actually are

>>62280823
What you are describing is totally possible and takes a few extra lines on your config. Learn how to use a computer.

>>62278554
>Never understood why people encrypt on closed source Windows because the OS is a higher level.
If I had to use windows, I would probably have it enable in case thieves stole my laptop.

>>62282817
>No on will believe
it doesn't matter whether anyone believes you, it matters whether they can prove something

ofcourse last resort to break any encryption is to beat the key out of a person. if the key isn't lost or corrupted, everybody breaks eventually

File: 1504566364452.jpg (48KB, 318x455px) Image search: [Google]

48KB, 318x455px

Veracrypt on both Windows and Linux. I make encrypted containers for my porn. God forbid I die in a car crash or something stupid I can't predict, last ting I need is my family finding my porn stash and all the non vanilla fetishes mixed in. Also encrypted container for all of my plain text documents that contain usernames and passwords for every and all of my accounts I've ever made on the Internet.

Also can someone please tell me what the fuck moving my mouse around randomly before making a container has do with cryptographic strength?

>>62280812
It's some unicode hack that makes it look like it's stricken through, kinda like that zalgo text, and not a 4chin feature. Google unicode strikethrough and click on the first result.

>>62280909
I dual boot and have full disk encryption, but only linux is encrypted (not so full disk after all), since I only use windows for gaymen, but I guess I could turn on the default windows encryption shit and have everything encrypted. If both OSes are linux distros, then setting up FDE should be piss easy.

File: Too_mooch_data.jpg (188KB, 559x713px) Image search: [Google]

188KB, 559x713px

>>62285546
>can someone please tell me what the fuck moving my mouse around randomly before making a container has do with cryptographic strength?

This question indicates broader confusion about what pseudorandomness and cryptography are or how they're corollary. I.e., brainlet

>>62282817
>They'll still know there's something there because of random data.
Wouldn't free space on any hard disk look like it's filled with random data after some use? Like if you download some movies, delete them, download some more, delete them again, repeat twenty times.

File: 1504298686523.png (1MB, 1184x1916px) Image search: [Google]

1MB, 1184x1916px

>>62285656
>I don't really know anon

See how much easier that was to say?

>>62282817
>>62285682
I forgot to mention that you could also argue that you DBANned it in the past with the mersenne twister option.

File: Hunson Abadeer 3.png (460KB, 1277x1078px) Image search: [Google]

460KB, 1277x1078px

I trust that /g/ recognizes that the present move for any serious neckbeard nowadays is encryption + RAID1+. Software RAID, which is the easiest (although far easier in Windows than in Linux, not unlike drive encryption) is at the whim of the OS, so NAS boxes like Drobos seem like the best solution. Unfortunately, these devices don't support drive encryption, AFAIK. In that case, you're probably left looking at an FTP server running Linux with LUKS and software RAID to maintain a secure, redundant, *and* OS agnostic filebase.

Thoughts?

>>62285682
The entire volume is encrypted. It looks encrypted. You decrypt to the hidden volume. It resolves to the hidden volume. It looks decrypted. In other words,

>They'll still know there's something there because of random data.

is brainlet nonsense.

>>62285693
This indicates an ignorance about auditing practices that's being projected upon others free of it. I.e., brainlet status quo maintained

>>62285546
>Also can someone please tell me what the fuck moving my mouse around randomly before making a container has do with cryptographic strength?
generating entropy. if you'd use some prng instead of real entropy, one would only need to know it's initial state to recreate your keys.

File: Anime girl study.png (92KB, 303x199px) Image search: [Google]

92KB, 303x199px

>>62286171
This post enlightens one about basic concepts such as entropy and key salting to which they must have been ignorant to take any sustenance from.

If they didn't, their question must be about whether the function that takes in mouse positions and uses them as added entropy actually works and isn't just bogus. This reveals an ignorance about the auditing of open-source software as in >>62285887

>>62277697
>Why would you use this when there is LUKS?
because only one thing can exist ever with no exception, fuck alternatives and fuck choice

>>62285510
if you want to protect against thieves, BitLocker is enough.
Maybe you have something to hide, anon?

>>62282085
You can use {True,Vera}crypt containers withing LUKS. Checkmate, smug loli.

>>62288820
I meant that if I had to use windows, I would probably enable bitlocker.

>>62282817
>le "Plausible deniability is a meme" meme
You fell for it as well.
>They'll still know there's something there because of random data. No one will believe you just filled the hard drive with random data; they'll know it must be encrypted.
"No".
A simple "I tested the drive with badblocks and for now I've partitioned only what I use, I haven't made up my mind yet" will suffice. Moreover, scanning for a LUKS headers is something you can do with strings and grep, where a statistical analysis of the entropy on the drive will require an in-depth analysis (and still, you have absolutely plausible excuses).
>tfw all the used laptops I tinkered with had their HDD DBAN'd by average Windows users
>DBAN is suddenly not plausible

>>62288895
If I had to use Mac, I'd use nothing else than FileVault. Literally no reason to use anything else.

>>62285780
Yes

>>62286235
Why do you try to sound like you're so smart?

does anyone else's VeraCrypt freeze other programs when dismounting or mounting a container sometimes?

Or is the arab developer not optimizing for Ryzen yet?

File: 1489596939827.jpg (34KB, 640x480px) Image search: [Google]

34KB, 640x480px

>>62277697
Using LUKS/VeraNSA/TrueCIA when you could dm-crypt in plain mode leaving no "header" and only random data.

>>62289492
>In order to unlock the encrypted root partition at boot, the following kernel parameters need to be set by the boot loader:

>cryptdevice=UUID=<device-UUID>:cryptroot root=/dev/mapper/cryptroot

>"no "header""

>>62289561
>t. brainlet

>>62285259
[s]t..test[/s]

>>62285546
Computers can't generate random keys without some sort of interaction aside from gathering I/O performance, running processes random data is better when user interaction is involved. I would argue monitoring the microphone or webcam for a few minutes would help also.

>>62289492
>only one password/keyfile
>can't change password/keyfile ever
>has to remember the exact settings if there's any deviation from the defaults
>too much of a brainlet to detach headers
>laughs for no reasons
it's Dunning-Kruger season on 4chan

>>62285259
[spoiler][/spoiler][spoiler][strikethrough][s]don't you lie to me[/s][/strikethrough][/spoiler][spoiler][/spoiler]

File: 1504396785578.jpg (78KB, 468x599px) Image search: [Google]

78KB, 468x599px

>>62279016
>Linux unified key setup is on Windows
U wot m8

>>62285189
This.

God damn, the ZFS encryption fork in the AUR is hot. Wish it made it to stable.

>>62285780
Those Drobos better run ZFS, as that's the only thing worth putting data on.

File: 1498831472146.jpg (220KB, 640x640px) Image search: [Google]

220KB, 640x640px

>>62289492
Not a bad solution.
Data is moderately more resilient for layering with advanced filesystems by eliminating the single point of failure that is the header.

>>62289561
The only thing left to do is to pull the EFI bootloaders of all your devices onto a USB and sleep with it on your person.

>I need my python helloworlds, hentai collection and welfare check scans completely protected
The state of this board.

File: sample_1ec82ef77a4762f1c02c81aedc28fca8.jpg (629KB, 850x924px) Image search: [Google]

629KB, 850x924px

>>62277697
To expand on this, how many have protection against Evil Maid attacks? Where a maid or someone else gains access to the laptop and installs a keylogger into your boot sector?

I, myself, would like to make use of Secure Boot for this, but Debian doesn't yet support it.

>>62280925
>Because when I installed openSUSE with full disk encryption it was a buggy piece of shit. For example, I noticed I couldn't install packages because it told me I have no space left, even though I had plenty of GBs, there were problems with mounting encrypted partitions, etc... Thanks, no, I will use VeraCrypt that I trust and has never failed me.
This is the fault use openSUSE's BTRFS subvolume scheme, not dm-crypt/LUKS.

>>62294880
>evil Rem just installs keylogger into the keyboard itself or flashes the EFI firmware.

>>62294933
>>62294933
>laptop
>no keyboard

As for flashing the EFI, how would that be done if Secure Boot is enabled, preventing booting to another disk?

Would replace the board but being a laptop, this isn't something that could be quick to do.

>>62285218
>Post your reasoning

>reasoning
>4chan
Yeah right

>>62277697
>there are users on /g/ that don't do full operating system encryption
You mean full disk? AFAIK it's not authenticated encryption.

>>62293700
>Not a bad solution
I love how totally clueless people pretend to have an opinion.
>Data is moderately more resilient for layering with advanced filesystems by eliminating the single point of failure that is the header.
That's not what is the header for.