LUKS: Difference between revisions

(20 intermediate revisions by the same user not shown)

Line 4:

See [[Archwiki: dm-crypt/Device encryption]].

===~~Encrypting a device~~===

===Install cryptsetup===

* Setup encryption

<pre>

cryptsetup ~~-v --type luks1 --cipher aes-xts-plain64 --key-size 512 --hash sha512 \~~

sudo apt install cryptsetup

~~--iter-time 5000 --use-urandom --verify-passphrase luksFormat <device>~~

</pre>

* Open encrypted drive

===Encrypting a device===

~~<pre>~~

cryptsetup open ~~<device> <name>~~

# Examples

</~~pre>~~

DEVICE=/dev/sda

NAME=arr1

# Setup encryption

cryptsetup --type luks2 -v luksFormat "${DEVICE}"

# Open encrypted drive to /dev/mapper/$NAME

cryptsetup open "${DEVICE}" "${NAME}"

# Create a partition

mkfs.btrfs /dev/mapper/${NAME}

* Create a ~~partition~~

# Create a mountpoint and mount

~~<pre>~~

mkdir -p /media/${NAME}

~~mkfs.fstype~~ /~~dev/mapper~~/~~<name>~~

mount -t btrfs /dev/mapper/${NAME} /media/${NAME}

~~# E.g.~~

~~# mkfs.ext4~~ /dev/mapper/~~luksdrive1~~

</~~pre>~~

* Securely wipe the unused portion of the drive

# Fill the drive to overwrite any existing raw data (optional)

** Do this to prevent cryptographic attacks and to overwrite existing data ~~on the drive~~

dd if=/dev/zero of=/media/$NAME/file status=progress

~~<pre>~~

</syntaxhighlight>

dd if=/dev/zero of=~~<file_somewhere>~~ status=progress

~~# Delete the file afterwards~~

</~~pre~~>

===Mounting===

<~~pre~~>

# Open the encrypted drive

cryptsetup open ~~<device> <name>~~

cryptsetup open "${DEVICE}" "${NAME}"

# Mount your partition

mount -t ~~<fstype>~~ /dev/mapper/~~<name> <mountlocation>~~

mount -t btrfs /dev/mapper/${NAME} "${MOUNT_LOCATION}"

</~~pre~~>

</syntaxhighlight>

===Unmounting===

<~~pre~~>

# Unmount your partition

umount ~~<mountlocation>~~

umount "${MOUNT_LOCATION}"

# Close the decrypted drive

cryptsetup close ~~<name>~~

cryptsetup close ${NAME}

</~~pre~~>

</syntaxhighlight>

===Encrpytion Options===

Line 51:

Line 53:

* <code>--type</code> [https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_with_dm-crypt options]

** <code>luks</code> defaults to <code>luks1</code> on cryptsetup < 2.1.0, <code>luks2</code> on cryptsetup >= 2.1.0

** <code>luks1</code> is the ~~standard~~ version of LUKS.

** <code>luks1</code> is the old version of LUKS.

** <code>luks2</code> is ~~a new~~ version released in Dec 2017. Older versions of Grub (before 2.06 or June 2020) do not support booting from LUKS2.

** <code>luks2</code> is the current version released in Dec 2017. Older versions of Grub (before 2.06 or June 2020) do not support booting from LUKS2.

** <code>plain</code> is dm-crypt plain mode. Avoid this unless you know what you're doing.

** <code>loopaes</code> Avoid this as well.

** <code>tcrypt</code> Use this for mounting older truecrypt volumes.

* <code>--iter-time</code> dynamically determines the number of iterations used to hash your password. The number of iterations is determined when creating the luks key. E.g. <code>5000</code> means hash for 5 seconds ~~and use that many~~ iterations. You can see the number of iterations for each key with <code>cryptsetup luksDump <device></code>.

* <code>--iter-time</code> dynamically determines the number of iterations used to hash your password. The number of iterations is determined when creating the luks key. E.g. <code>5000</code> means hash for 5 seconds worth of iterations on your particular CPU. You can see the number of iterations for each key with <code>cryptsetup luksDump <device></code>.

{{ hidden | defaults |

Line 74:

Line 76:

</pre>

{{ hidden | Example Output |

{{ hidden | Example Output (i7-12700K) |

<pre>

# Tests are approximate using memory only (no storage IO).

PBKDF2-sha1 ~~1213629~~ iterations per second for 256-bit key

PBKDF2-sha1 3057072 iterations per second for 256-bit key

PBKDF2-sha256 ~~1524093~~ iterations per second for 256-bit key

PBKDF2-sha256 6452775 iterations per second for 256-bit key

PBKDF2-sha512 ~~1082121~~ iterations per second for 256-bit key

PBKDF2-sha512 2432890 iterations per second for 256-bit key

PBKDF2-ripemd160 ~~648069~~ iterations per second for 256-bit key

PBKDF2-ripemd160 1289761 iterations per second for 256-bit key

PBKDF2-whirlpool ~~421453~~ iterations per second for 256-bit key

PBKDF2-whirlpool 1148495 iterations per second for 256-bit key

argon2i 4 iterations, ~~875179~~ memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)

argon2i 13 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)

argon2id 4 iterations, ~~889195~~ memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)

argon2id 13 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)

# Algorithm | Key | Encryption | Decryption

aes-cbc 128b ~~542~~.7 MiB/s ~~2192~~.7 MiB/s

aes-cbc 128b 1976.6 MiB/s 7781.1 MiB/s

serpent-cbc 128b 67.3 MiB/s ~~459~~.9 MiB/s

serpent-cbc 128b 136.8 MiB/s 993.0 MiB/s

twofish-cbc 128b ~~140~~.6 MiB/s ~~285~~.8 MiB/s

twofish-cbc 128b 291.3 MiB/s 646.8 MiB/s

aes-cbc 256b ~~405~~.3 MiB/s ~~1701~~.8 MiB/s

aes-cbc 256b 1507.6 MiB/s 6406.3 MiB/s

serpent-cbc 256b 71.6 MiB/s ~~459~~.5 MiB/s

serpent-cbc 256b 138.2 MiB/s 984.0 MiB/s

twofish-cbc 256b ~~146~~.6 MiB/s ~~287~~.1 MiB/s

twofish-cbc 256b 295.3 MiB/s 647.1 MiB/s

aes-xts 256b ~~1421~~.6 MiB/s ~~1449~~.2 MiB/s

aes-xts 256b 6021.9 MiB/s 5909.9 MiB/s

serpent-xts 256b ~~455~~.9 MiB/s ~~444~~.0 MiB/s

serpent-xts 256b 855.7 MiB/s 887.4 MiB/s

twofish-xts 256b ~~284~~.2 MiB/s ~~286~~.3 MiB/s

twofish-xts 256b 597.8 MiB/s 608.0 MiB/s

aes-xts 512b ~~1187~~.2 MiB/s ~~1177~~.9 MiB/s

aes-xts 512b 5521.2 MiB/s 5505.7 MiB/s

serpent-xts 512b ~~454~~.7 MiB/s ~~446~~.1 MiB/s

serpent-xts 512b 870.2 MiB/s 897.9 MiB/s

twofish-xts 512b ~~284~~.9 MiB/s ~~286~~.5 MiB/s

twofish-xts 512b 602.9 MiB/s 607.1 MiB/s

</pre>

}}

==Adiantum==

If you're running a device which does not support AES instructions (e.g. Raspberry Pi), you may be interested in Adiantum<ref name="adiantum">Google Blog: Introducing Adiantum: Encryption for the Next Billion Users [https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html]</ref>.

If you're running a device which does not support hardware accelerated AES instructions (e.g. Raspberry Pi), you may be interested in Adiantum<ref name="adiantum">Google Blog: Introducing Adiantum: Encryption for the Next Billion Users [https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html]</ref>.

Adiantum is an encryption mode by Google which uses ChaCha12 for block encryption.

It is included in Linux kernel v5.0.

Line 114:

Line 116:

;Benchmark<ref>[https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/ https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/]</ref>

<pre>

cryptsetup benchmark -c xchacha12,aes-adiantum ~~-s 512~~

cryptsetup benchmark -c xchacha12,aes-adiantum

</pre>

Line 136:

Line 138:

}

mount_luks ~~ext4~~ /dev/disk/by-id/<drive> lukscrypt1 /media/lukscrypt1

mount_luks btrfs /dev/disk/by-id/<drive> lukscrypt1 /media/lukscrypt1

</syntaxhighlight>

}}

@@ Line 4: / Line 4: @@
 See [[Archwiki: dm-crypt/Device encryption]].
-===Encrypting a device===
+===Install cryptsetup===
-* Setup encryption
 <pre>
-cryptsetup -v --type luks1 --cipher aes-xts-plain64 --key-size 512 --hash sha512 \
+sudo apt install cryptsetup
-           --iter-time 5000 --use-urandom --verify-passphrase luksFormat <device>
 </pre>
-* Open encrypted drive
+===Encrypting a device===
-<pre>
+<syntaxhighlight lang="bash">
-cryptsetup open <device> <name>
+# Examples
-</pre>
+DEVICE=/dev/sda
+NAME=arr1
+# Setup encryption
+cryptsetup --type luks2 -v luksFormat "${DEVICE}"
+# Open encrypted drive to /dev/mapper/$NAME
+cryptsetup open "${DEVICE}" "${NAME}"
+# Create a partition
+mkfs.btrfs /dev/mapper/${NAME}
-* Create a partition
+# Create a mountpoint and mount
-<pre>
+mkdir -p /media/${NAME}
-mkfs.fstype /dev/mapper/<name>
+mount -t btrfs /dev/mapper/${NAME} /media/${NAME}
-# E.g.
-# mkfs.ext4 /dev/mapper/luksdrive1
-</pre>
-* Securely wipe the unused portion of the drive
+# Fill the drive to overwrite any existing raw data (optional)
-** Do this to prevent cryptographic attacks and to overwrite existing data on the drive
+dd if=/dev/zero of=/media/$NAME/file status=progress
-<pre>
+</syntaxhighlight>
-dd if=/dev/zero of=<file_somewhere> status=progress
-# Delete the file afterwards
-</pre>
 ===Mounting===
-<pre>
+<syntaxhighlight lang="bash">
 # Open the encrypted drive
-cryptsetup open <device> <name>
+cryptsetup open "${DEVICE}" "${NAME}"
 # Mount your partition
-mount -t <fstype> /dev/mapper/<name> <mountlocation>
+mount -t btrfs /dev/mapper/${NAME} "${MOUNT_LOCATION}"
-</pre>
+</syntaxhighlight>
 ===Unmounting===
-<pre>
+<syntaxhighlight lang="bash">
 # Unmount your partition
-umount <mountlocation>
+umount "${MOUNT_LOCATION}"
 # Close the decrypted drive
-cryptsetup close <name>
+cryptsetup close ${NAME}
-</pre>
+</syntaxhighlight>
 ===Encrpytion Options===
@@ Line 51: / Line 53: @@
 * <code>--type</code> [https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_with_dm-crypt options]
 ** <code>luks</code> defaults to <code>luks1</code> on cryptsetup < 2.1.0, <code>luks2</code> on cryptsetup >= 2.1.0
-** <code>luks1</code> is the standard version of LUKS.
+** <code>luks1</code> is the old version of LUKS.
-** <code>luks2</code> is a new version released in Dec 2017. Older versions of Grub (before 2.06 or June 2020) do not support booting from LUKS2.
+** <code>luks2</code> is the current version released in Dec 2017. Older versions of Grub (before 2.06 or June 2020) do not support booting from LUKS2.
 ** <code>plain</code> is dm-crypt plain mode. Avoid this unless you know what you're doing.
 ** <code>loopaes</code> Avoid this as well.
 ** <code>tcrypt</code> Use this for mounting older truecrypt volumes.
-* <code>--iter-time</code> dynamically determines the number of iterations used to hash your password. The number of iterations is determined when creating the luks key. E.g. <code>5000</code> means hash for 5 seconds and use that many iterations. You can see the number of iterations for each key with <code>cryptsetup luksDump &lt;device&gt;</code>.
+* <code>--iter-time</code> dynamically determines the number of iterations used to hash your password. The number of iterations is determined when creating the luks key. E.g. <code>5000</code> means hash for 5 seconds worth of iterations on your particular CPU. You can see the number of iterations for each key with <code>cryptsetup luksDump &lt;device&gt;</code>.
 {{ hidden | defaults |
@@ Line 74: / Line 76: @@
 </pre>
-{{ hidden | Example Output |
+{{ hidden | Example Output (i7-12700K) |
 <pre>
 # Tests are approximate using memory only (no storage IO).
-PBKDF2-sha1      1213629 iterations per second for 256-bit key
+PBKDF2-sha1      3057072 iterations per second for 256-bit key
-PBKDF2-sha256    1524093 iterations per second for 256-bit key
+PBKDF2-sha256    6452775 iterations per second for 256-bit key
-PBKDF2-sha512    1082121 iterations per second for 256-bit key
+PBKDF2-sha512    2432890 iterations per second for 256-bit key
-PBKDF2-ripemd160  648069 iterations per second for 256-bit key
+PBKDF2-ripemd160 1289761 iterations per second for 256-bit key
-PBKDF2-whirlpool  421453 iterations per second for 256-bit key
+PBKDF2-whirlpool 1148495 iterations per second for 256-bit key
-argon2i       4 iterations, 875179 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
+argon2i      13 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
-argon2id      4 iterations, 889195 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
+argon2id     13 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
 #     Algorithm |       Key |      Encryption |      Decryption
-         aes-cbc        128b       542.7 MiB/s      2192.7 MiB/s
+         aes-cbc        128b      1976.6 MiB/s      7781.1 MiB/s
-     serpent-cbc        128b        67.3 MiB/s       459.9 MiB/s
+     serpent-cbc        128b       136.8 MiB/s       993.0 MiB/s
-     twofish-cbc        128b       140.6 MiB/s       285.8 MiB/s
+     twofish-cbc        128b       291.3 MiB/s       646.8 MiB/s
-         aes-cbc        256b       405.3 MiB/s      1701.8 MiB/s
+         aes-cbc        256b      1507.6 MiB/s      6406.3 MiB/s
-     serpent-cbc        256b        71.6 MiB/s       459.5 MiB/s
+     serpent-cbc        256b       138.2 MiB/s       984.0 MiB/s
-     twofish-cbc        256b       146.6 MiB/s       287.1 MiB/s
+     twofish-cbc        256b       295.3 MiB/s       647.1 MiB/s
-         aes-xts        256b      1421.6 MiB/s      1449.2 MiB/s
+         aes-xts        256b      6021.9 MiB/s      5909.9 MiB/s
-     serpent-xts        256b       455.9 MiB/s       444.0 MiB/s
+     serpent-xts        256b       855.7 MiB/s       887.4 MiB/s
-     twofish-xts        256b       284.2 MiB/s       286.3 MiB/s
+     twofish-xts        256b       597.8 MiB/s       608.0 MiB/s
-         aes-xts        512b      1187.2 MiB/s      1177.9 MiB/s
+         aes-xts        512b      5521.2 MiB/s      5505.7 MiB/s
-     serpent-xts        512b       454.7 MiB/s       446.1 MiB/s
+     serpent-xts        512b       870.2 MiB/s       897.9 MiB/s
-     twofish-xts        512b       284.9 MiB/s       286.5 MiB/s
+     twofish-xts        512b       602.9 MiB/s       607.1 MiB/s
 </pre>
 }}
 ==Adiantum==
-If you're running a device which does not support AES instructions (e.g. Raspberry Pi), you may be interested in Adiantum<ref name="adiantum">Google Blog: Introducing Adiantum: Encryption for the Next Billion Users [https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html]</ref>.
+If you're running a device which does not support hardware accelerated AES instructions (e.g. Raspberry Pi), you may be interested in Adiantum<ref name="adiantum">Google Blog: Introducing Adiantum: Encryption for the Next Billion Users [https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html]</ref>.
 Adiantum is an encryption mode by Google which uses ChaCha12 for block encryption.
 It is included in Linux kernel v5.0.
@@ Line 114: / Line 116: @@
 ;Benchmark<ref>[https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/ https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/]</ref>
 <pre>
-cryptsetup benchmark -c xchacha12,aes-adiantum -s 512
+cryptsetup benchmark -c xchacha12,aes-adiantum
 </pre>
@@ Line 136: / Line 138: @@
 }
-mount_luks ext4 /dev/disk/by-id/<drive> lukscrypt1 /media/lukscrypt1
+mount_luks btrfs /dev/disk/by-id/<drive> lukscrypt1 /media/lukscrypt1
 </syntaxhighlight>
 }}