LUKS: Difference between revisions

(22 intermediate revisions by the same user not shown)

Line 4:

See [[Archwiki: dm-crypt/Device encryption]].

===~~Encrypting a device~~===

===Install cryptsetup===

* Setup encryption

<pre>

cryptsetup ~~-v --type luks1 --cipher aes-xts-plain64 --key-size 512 --hash sha512 \~~

sudo apt install cryptsetup

~~--iter-time 5000 --use-urandom --verify-passphrase luksFormat <device>~~

</pre>

* Open encrypted drive

===Encrypting a device===

~~<pre>~~

cryptsetup open ~~<device> <name>~~

# Examples

</~~pre~~>

DEVICE=/dev/sda

NAME=arr1

# Setup encryption

cryptsetup --type luks2 -v luksFormat "${DEVICE}"

# Open encrypted drive to /dev/mapper/$NAME

cryptsetup open "${DEVICE}" "${NAME}"

# Create a partition

mkfs.btrfs /dev/mapper/${NAME}

# Create a mountpoint and mount

mkdir -p /media/${NAME}

mount -t btrfs /dev/mapper/${NAME} /media/${NAME}

# Fill the drive to overwrite any existing raw data (optional)

dd if=/dev/zero of=/media/$NAME/file status=progress

</syntaxhighlight>

* Create a partition

===Mounting===

<~~pre~~>

~~mkfs.fstype /dev/mapper/<name>~~

# Open the encrypted drive

# ~~E.g.~~

cryptsetup open "${DEVICE}" "${NAME}"

~~# mkfs.ext4~~ /dev/mapper/~~luksdrive1~~

# Mount your partition

</~~pre~~>

mount -t btrfs /dev/mapper/${NAME} "${MOUNT_LOCATION}"

</syntaxhighlight>

* Securely wipe the unused portion of the drive

===Unmounting===

** Do this to prevent cryptographic attacks and to overwrite existing data on the drive

<~~pre~~>

# Unmount your partition

~~dd if=/dev/zero of=<file_somewhere> status=progress~~

umount "${MOUNT_LOCATION}"

# ~~Delete~~ the ~~file afterwards~~

# Close the decrypted drive

</~~pre~~>

cryptsetup close ${NAME}

</syntaxhighlight>

===Encrpytion Options===

~~;Notes~~

* You can see defaults using <code>cryptsetup --help</code>.

* <code>--type</code> [https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_with_dm-crypt options]

** <code>luks</code> defaults to <code>luks1</code> on cryptsetup < 2.1.0, <code>luks2</code> on cryptsetup >= 2.1.0

** <code>luks1</code> is the ~~standard~~ version of LUKS.

** <code>luks1</code> is the old version of LUKS.

** <code>luks2</code> is ~~a new~~ version released in Dec 2017. Older versions of Grub (before 2.06 or June 2020) do not support booting from LUKS2.

** <code>luks2</code> is the current version released in Dec 2017. Older versions of Grub (before 2.06 or June 2020) do not support booting from LUKS2.

** <code>plain</code> is dm-crypt plain mode. Avoid this unless you know what you're doing.

** <code>loopaes</code> Avoid this as well.

** <code>tcrypt</code> Use this for mounting older truecrypt volumes.

* <code>--iter-time</code> dynamically determines the number of iterations used to hash your password. The number of iterations is determined when creating the luks key. E.g. <code>5000</code> means hash for 5 seconds worth of iterations on your particular CPU. You can see the number of iterations for each key with <code>cryptsetup luksDump <device></code>.

{{ hidden | defaults |

Line 50:

Line 70:

</pre>

}}

~~===Mounting===~~

~~<pre>~~

~~# Open the encrypted drive~~

~~cryptsetup open <device> <name>~~

~~# Mount your partition~~

~~mount -t <fstype> /dev/mapper/<name> <mountlocation>~~

~~</pre>~~

~~===Unmounting===~~

~~<pre>~~

~~# Unmount your partition~~

~~umount <mountlocation>~~

~~# Close the decrypted drive~~

~~cryptsetup close <name>~~

~~</pre>~~

==Benchmark==

Line 72:

Line 76:

</pre>

{{ hidden | Example Output |

{{ hidden | Example Output (i7-12700K) |

<pre>

# Tests are approximate using memory only (no storage IO).

PBKDF2-sha1 ~~1213629~~ iterations per second for 256-bit key

PBKDF2-sha1 3057072 iterations per second for 256-bit key

PBKDF2-sha256 ~~1524093~~ iterations per second for 256-bit key

PBKDF2-sha256 6452775 iterations per second for 256-bit key

PBKDF2-sha512 ~~1082121~~ iterations per second for 256-bit key

PBKDF2-sha512 2432890 iterations per second for 256-bit key

PBKDF2-ripemd160 ~~648069~~ iterations per second for 256-bit key

PBKDF2-ripemd160 1289761 iterations per second for 256-bit key

PBKDF2-whirlpool ~~421453~~ iterations per second for 256-bit key

PBKDF2-whirlpool 1148495 iterations per second for 256-bit key

argon2i 4 iterations, ~~875179~~ memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)

argon2i 13 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)

argon2id 4 iterations, ~~889195~~ memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)

argon2id 13 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)

# Algorithm | Key | Encryption | Decryption

aes-cbc 128b ~~542~~.7 MiB/s ~~2192~~.7 MiB/s

aes-cbc 128b 1976.6 MiB/s 7781.1 MiB/s

serpent-cbc 128b 67.3 MiB/s ~~459~~.9 MiB/s

serpent-cbc 128b 136.8 MiB/s 993.0 MiB/s

twofish-cbc 128b ~~140~~.6 MiB/s ~~285~~.8 MiB/s

twofish-cbc 128b 291.3 MiB/s 646.8 MiB/s

aes-cbc 256b ~~405~~.3 MiB/s ~~1701~~.8 MiB/s

aes-cbc 256b 1507.6 MiB/s 6406.3 MiB/s

serpent-cbc 256b 71.6 MiB/s ~~459~~.5 MiB/s

serpent-cbc 256b 138.2 MiB/s 984.0 MiB/s

twofish-cbc 256b ~~146~~.6 MiB/s ~~287~~.1 MiB/s

twofish-cbc 256b 295.3 MiB/s 647.1 MiB/s

aes-xts 256b ~~1421~~.6 MiB/s ~~1449~~.2 MiB/s

aes-xts 256b 6021.9 MiB/s 5909.9 MiB/s

serpent-xts 256b ~~455~~.9 MiB/s ~~444~~.0 MiB/s

serpent-xts 256b 855.7 MiB/s 887.4 MiB/s

twofish-xts 256b ~~284~~.2 MiB/s ~~286~~.3 MiB/s

twofish-xts 256b 597.8 MiB/s 608.0 MiB/s

aes-xts 512b ~~1187~~.2 MiB/s ~~1177~~.9 MiB/s

aes-xts 512b 5521.2 MiB/s 5505.7 MiB/s

serpent-xts 512b ~~454~~.7 MiB/s ~~446~~.1 MiB/s

serpent-xts 512b 870.2 MiB/s 897.9 MiB/s

twofish-xts 512b ~~284~~.9 MiB/s ~~286~~.5 MiB/s

twofish-xts 512b 602.9 MiB/s 607.1 MiB/s

</pre>

}}

==Adiantum==

If you're running a device which does not support AES instructions (e.g. Raspberry Pi), you may be interested in Adiantum<ref name="adiantum">Google Blog: Introducing Adiantum: Encryption for the Next Billion Users [https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html]</ref>.

If you're running a device which does not support hardware accelerated AES instructions (e.g. Raspberry Pi), you may be interested in Adiantum<ref name="adiantum">Google Blog: Introducing Adiantum: Encryption for the Next Billion Users [https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html]</ref>.

Adiantum

Adiantum is an encryption mode by Google which uses ChaCha12 for block encryption.

It is included in Linux kernel v5.0.

;Creation

Line 111:

Line 116:

;Benchmark<ref>[https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/ https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/]</ref>

<pre>

cryptsetup benchmark -c xchacha12,aes-adiantum ~~-s 512~~

cryptsetup benchmark -c xchacha12,aes-adiantum

</pre>

Line 133:

Line 138:

}

mount_luks ~~ext4~~ /dev/disk/by-id/<drive> lukscrypt1 /media/lukscrypt1

mount_luks btrfs /dev/disk/by-id/<drive> lukscrypt1 /media/lukscrypt1

</syntaxhighlight>

}}

Line 155:

Line 160:

==Resources==

* [https://www.cyberciti.biz/hardware/howto-linux-hard-disk-encryption-with-luks-cryptsetup-command/ nixCraft How To Linux Hard Disk Encryption With LUKS]

==References==

@@ Line 4: / Line 4: @@
 See [[Archwiki: dm-crypt/Device encryption]].
-===Encrypting a device===
+===Install cryptsetup===
-* Setup encryption
 <pre>
-cryptsetup -v --type luks1 --cipher aes-xts-plain64 --key-size 512 --hash sha512 \
+sudo apt install cryptsetup
-           --iter-time 5000 --use-urandom --verify-passphrase luksFormat <device>
 </pre>
-* Open encrypted drive
+===Encrypting a device===
-<pre>
+<syntaxhighlight lang="bash">
-cryptsetup open <device> <name>
+# Examples
-</pre>
+DEVICE=/dev/sda
+NAME=arr1
+# Setup encryption
+cryptsetup --type luks2 -v luksFormat "${DEVICE}"
+# Open encrypted drive to /dev/mapper/$NAME
+cryptsetup open "${DEVICE}" "${NAME}"
+# Create a partition
+mkfs.btrfs /dev/mapper/${NAME}
+# Create a mountpoint and mount
+mkdir -p /media/${NAME}
+mount -t btrfs /dev/mapper/${NAME} /media/${NAME}
+# Fill the drive to overwrite any existing raw data (optional)
+dd if=/dev/zero of=/media/$NAME/file status=progress
+</syntaxhighlight>
-* Create a partition
+===Mounting===
-<pre>
+<syntaxhighlight lang="bash">
-mkfs.fstype /dev/mapper/<name>
+# Open the encrypted drive
-# E.g.
+cryptsetup open "${DEVICE}" "${NAME}"
-# mkfs.ext4 /dev/mapper/luksdrive1
+# Mount your partition
-</pre>
+mount -t btrfs /dev/mapper/${NAME} "${MOUNT_LOCATION}"
+</syntaxhighlight>
-* Securely wipe the unused portion of the drive
+===Unmounting===
-** Do this to prevent cryptographic attacks and to overwrite existing data on the drive
+<syntaxhighlight lang="bash">
-<pre>
+# Unmount your partition
-dd if=/dev/zero of=<file_somewhere> status=progress
+umount "${MOUNT_LOCATION}"
-# Delete the file afterwards
+# Close the decrypted drive
-</pre>
+cryptsetup close ${NAME}
+</syntaxhighlight>
+===Encrpytion Options===
-;Notes
 * You can see defaults using <code>cryptsetup --help</code>.
 * <code>--type</code> [https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_with_dm-crypt options]
 ** <code>luks</code> defaults to <code>luks1</code> on cryptsetup < 2.1.0, <code>luks2</code> on cryptsetup >= 2.1.0
-** <code>luks1</code> is the standard version of LUKS.
+** <code>luks1</code> is the old version of LUKS.
-** <code>luks2</code> is a new version released in Dec 2017. Older versions of Grub (before 2.06 or June 2020) do not support booting from LUKS2.
+** <code>luks2</code> is the current version released in Dec 2017. Older versions of Grub (before 2.06 or June 2020) do not support booting from LUKS2.
 ** <code>plain</code> is dm-crypt plain mode. Avoid this unless you know what you're doing.
 ** <code>loopaes</code> Avoid this as well.
 ** <code>tcrypt</code> Use this for mounting older truecrypt volumes.
+* <code>--iter-time</code> dynamically determines the number of iterations used to hash your password. The number of iterations is determined when creating the luks key. E.g. <code>5000</code> means hash for 5 seconds worth of iterations on your particular CPU. You can see the number of iterations for each key with <code>cryptsetup luksDump &lt;device&gt;</code>.
 {{ hidden | defaults |
@@ Line 50: / Line 70: @@
 </pre>
 }}
-===Mounting===
-<pre>
-# Open the encrypted drive
-cryptsetup open <device> <name>
-# Mount your partition
-mount -t <fstype> /dev/mapper/<name> <mountlocation>
-</pre>
-===Unmounting===
-<pre>
-# Unmount your partition
-umount <mountlocation>
-# Close the decrypted drive
-cryptsetup close <name>
-</pre>
 ==Benchmark==
@@ Line 72: / Line 76: @@
 </pre>
-{{ hidden | Example Output |
+{{ hidden | Example Output (i7-12700K) |
 <pre>
 # Tests are approximate using memory only (no storage IO).
-PBKDF2-sha1      1213629 iterations per second for 256-bit key
+PBKDF2-sha1      3057072 iterations per second for 256-bit key
-PBKDF2-sha256    1524093 iterations per second for 256-bit key
+PBKDF2-sha256    6452775 iterations per second for 256-bit key
-PBKDF2-sha512    1082121 iterations per second for 256-bit key
+PBKDF2-sha512    2432890 iterations per second for 256-bit key
-PBKDF2-ripemd160  648069 iterations per second for 256-bit key
+PBKDF2-ripemd160 1289761 iterations per second for 256-bit key
-PBKDF2-whirlpool  421453 iterations per second for 256-bit key
+PBKDF2-whirlpool 1148495 iterations per second for 256-bit key
-argon2i       4 iterations, 875179 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
+argon2i      13 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
-argon2id      4 iterations, 889195 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
+argon2id     13 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
 #     Algorithm |       Key |      Encryption |      Decryption
-         aes-cbc        128b       542.7 MiB/s      2192.7 MiB/s
+         aes-cbc        128b      1976.6 MiB/s      7781.1 MiB/s
-     serpent-cbc        128b        67.3 MiB/s       459.9 MiB/s
+     serpent-cbc        128b       136.8 MiB/s       993.0 MiB/s
-     twofish-cbc        128b       140.6 MiB/s       285.8 MiB/s
+     twofish-cbc        128b       291.3 MiB/s       646.8 MiB/s
-         aes-cbc        256b       405.3 MiB/s      1701.8 MiB/s
+         aes-cbc        256b      1507.6 MiB/s      6406.3 MiB/s
-     serpent-cbc        256b        71.6 MiB/s       459.5 MiB/s
+     serpent-cbc        256b       138.2 MiB/s       984.0 MiB/s
-     twofish-cbc        256b       146.6 MiB/s       287.1 MiB/s
+     twofish-cbc        256b       295.3 MiB/s       647.1 MiB/s
-         aes-xts        256b      1421.6 MiB/s      1449.2 MiB/s
+         aes-xts        256b      6021.9 MiB/s      5909.9 MiB/s
-     serpent-xts        256b       455.9 MiB/s       444.0 MiB/s
+     serpent-xts        256b       855.7 MiB/s       887.4 MiB/s
-     twofish-xts        256b       284.2 MiB/s       286.3 MiB/s
+     twofish-xts        256b       597.8 MiB/s       608.0 MiB/s
-         aes-xts        512b      1187.2 MiB/s      1177.9 MiB/s
+         aes-xts        512b      5521.2 MiB/s      5505.7 MiB/s
-     serpent-xts        512b       454.7 MiB/s       446.1 MiB/s
+     serpent-xts        512b       870.2 MiB/s       897.9 MiB/s
-     twofish-xts        512b       284.9 MiB/s       286.5 MiB/s
+     twofish-xts        512b       602.9 MiB/s       607.1 MiB/s
 </pre>
 }}
 ==Adiantum==
-If you're running a device which does not support AES instructions (e.g. Raspberry Pi), you may be interested in Adiantum<ref name="adiantum">Google Blog: Introducing Adiantum: Encryption for the Next Billion Users [https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html]</ref>.
+If you're running a device which does not support hardware accelerated AES instructions (e.g. Raspberry Pi), you may be interested in Adiantum<ref name="adiantum">Google Blog: Introducing Adiantum: Encryption for the Next Billion Users [https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html]</ref>.
-Adiantum
+Adiantum is an encryption mode by Google which uses ChaCha12 for block encryption.
+It is included in Linux kernel v5.0.
 ;Creation
@@ Line 111: / Line 116: @@
 ;Benchmark<ref>[https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/ https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/]</ref>
 <pre>
-cryptsetup benchmark -c xchacha12,aes-adiantum -s 512
+cryptsetup benchmark -c xchacha12,aes-adiantum
 </pre>
@@ Line 133: / Line 138: @@
 }
-mount_luks ext4 /dev/disk/by-id/<drive> lukscrypt1 /media/lukscrypt1
+mount_luks btrfs /dev/disk/by-id/<drive> lukscrypt1 /media/lukscrypt1
 </syntaxhighlight>
 }}
@@ Line 155: / Line 160: @@
 ==Resources==
 * [https://www.cyberciti.biz/hardware/howto-linux-hard-disk-encryption-with-luks-cryptsetup-command/ nixCraft How To Linux Hard Disk Encryption With LUKS]
+==References==