26
votes
How resilient are VeraCrypt and LUKS encrypted volumes against data corruption?
In practice, it's almost as resilient with encryption as without it, as long you backup the master key and metadata properly.
Apart of metadata, the corruption would affect just the block of the ...
- 537
25
votes
Accepted
Best order of RAID, LVM and LUKS
First, the order of LUKS and LVM depends on if you want to have different LUKS passwords or other settings for different LVs. If say, you need to set up different passwords for different LVs, you ...
- 396
16
votes
LUKS on Ubuntu 16.04 : unknown filesystem type 'crypto_LUKS'
To be able to access your files you have to decrypt them first
cryptsetup open /dev/sda1 backup
where sda1 is the encrypted partition and backup is the name of your partition (that is a very basic ...
- 703
13
votes
Accepted
LUKS on top of BTRFS raid array
You can't do that, because Btrfs isn't a block-device RAID array, it is a file system that happens to include data mirroring.
First of all though, by doing what you did (i.e. trying to luksFormat the ...
- 465k
10
votes
Accepted
Why does cryptsetup fail with container 10M in size?
The original LUKS volume format, now known as LUKS1, used to reserve 2 MiB for the metadata header (cipher parameters, key slots, etc.) leaving you with 8 MiB for the actual data.
But with ...
- 465k
9
votes
How can I access volumes encrypted with LUKS/dm-crypt from Windows?
WSL 2 on Windows10
Windows allows now to mount physical disks using the Windows Subsystem for Linux 2 (WSL).
For people who are not familiar with WSL2:
... Windows Subsystem for Linux is a ...
- 459
8
votes
How do I determine what ciphers & cipher modes I can use in dm-crypt/LUKS?
The 5.1 kernel, current at the time I write this, has two different formats the for cipher string, the "old" format and the "new" format. Everything in this question so far, and apparently all docs ...
- 191
6
votes
Linux LUKS and choice of filesystem
I did some testing with a low-to-middle end system. Results below.
In conclusion, it seems that encryption doesn't render a filesystem's optimizations useless. As you can see in the table, for ...
- 1,577
6
votes
Best order of RAID, LVM and LUKS
If you want all RAID, LUKS and LVM I would recommend RAID -> LUKS -> LVM -> FS. RAID --> LVM --> LUKS --> LVM --> FS is no better than RAID -> LUKS -> LVM - to extend ...
- 884
6
votes
Accepted
Is it safe to move a LUKS encrypted partition to another system and be able to use the same passphrase?
Yes. That is correct. A LUKS volume is self contained and works as you described.
- 71.4k
6
votes
Accepted
Linux - accidentally used dd on a LUKS encrypted drive, is there a way to recover?
There is no hope in recovering LUKS container if there is no LUKS header backup.
Frankly, the answer is contained in the first sentence, but I can provide more information to explain the situation. ...
- 86
6
votes
Accepted
Is there a way to move a LUKS-encrypted btrfs volume to the right?
There is literally nothing special about moving a partition, whether it has LUKS or Btrfs or anything else.
The way partitions work is that the filesystem is completely unaware of the "real" ...
- 465k
5
votes
Accepted
Change the keyboard layout of GRUB in stage 1
Since you're using EFI with an encrypted /boot, I'm assuming you're already familiar with grub-mkstandalone
Add in /etc/default/grub :
GRUB_TERMINAL_INPUT=at_keyboard
Add in /etc/grub.d/40_custom :
...
- 66
5
votes
Accepted
MD Raid 1 read balancing algorithm
Linux implementation of RAID1 speeds up disk read operations as long as two separate disk read operations are performed at a time. That means reading one file won't be any faster on RAID1 than on ...
- 10.2k
5
votes
Unable to mount UDF filesystem created with mkudffs inside a luks volume
The most probable reason for the failure ist the read-only resctriction
of the medium when it shall be opened for LUKS.
The experiments below indicate that option -r of cryptsetup does the trick:
...
- 221
5
votes
Accepted
Data access speed in LUKS encrypted partition
Encryption adds extra CPU load, as each disk block needs to be decrypted by the OS on access. Your test results (~600 MB/s decryption) are fairly average for generic AES processing on an i7.
To avoid ...
- 465k
5
votes
Accepted
Migrating from unencrypted Ubuntu 16.04 to LUKS Encrypted install of 16.04
Described below is a procedure I have successfully used multiple times. It works for Ubuntu 16.04 and 18.04. Unlike the solution proposed by @Arno in their answer, it doesn't require manual editing of ...
- 57.5k
5
votes
btrfs, LUKS, swapfile: How to hibernate on swapfile?
The following steps enable hibernate to swap-file on Fedora Silverblue 33, with a btrfs filesystem, possibly encrypted with LUKS. Unfortunately it's not very straight forward, but it works.
Note that ...
- 150
4
votes
Move a LUKS partition to the left and resize it
This is actually harder to do than it sounds. The reason is that when locked, a LUKS partition must refer to a very specific location on disk as referenced in your partition table in order to be ...
- 41
4
votes
How to make suspend to RAM secure on Ubuntu with full disk encryption (LVM on top of LUKS)?
I've come across the same problem, so I took another shot at porting the same script, which you can see here. It doesn't touch any non-volatile storage after luksSuspend, so it works even with real ...
- 149
4
votes
How can I access volumes encrypted with LUKS/dm-crypt from Windows?
2023 Answer
You can use Linsk. It is a utility that wraps around a lightweight Alpine Linux VM, allowing you to mount any Linux file system (including LUKS) that is then exposed to the host machine ...
- 207
4
votes
Accepted
Remove all traces of LUKS from second hard drive
The quick and dirty way to wipe your disk is
sudo sgdisk -Z /dev/sda
and then reboot. If you want a new partition afterwards, you can create one in GParted, sudo gdisk /dev/sda for the GPT ...
- 19.7k
4
votes
Accepted
Luks header overwritten with dd
You asked:
Is there a possibilty to recover my header or is everything lost ?
I'm really sorry, but the LUKS header contains the passphrase-encrypted key(s) which unlock everything else. Without a ...
- 738
3
votes
MD Raid 1 read balancing algorithm
If you only have a single stream of sequential I/O the md RAID1 algorithm will keep picking the same disk. From the mdadm man page:
[On md RAID1] a single stream of sequential input will not be ...
- 1,389
3
votes
System encryption LUKS: What's the strongest and most secure key size?
As part of a starting point, measuring performance of encryption types on the system you plan to use may aid in a feasible decision.
cryptsetup benchmark
- 31
3
votes
Is it possible to add a key to an open luks volume whithout providing a current key?
Yes, like this:
cryptsetup luksAddKey <DEVICE> --master-key-file <(dmsetup table --showkey /dev/mapper/<MAP> | awk '{print$5}' | xxd -r -p)
Substitute <DEVICE> with the block ...
3
votes
LUKS - change keyFile using cryptsetup
No idea why @studiohack voted down / deleted my answer (and no idea howto sent direct communications here and I am not paid by superuser.com so my time here is limited).
But the ANSWER was/is right - ...
- 31
Only top scored, non community-wiki answers of a minimum length are eligible