#luks2 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #luks2, aggregated by home.social.
-
Xubuntu 26.04 LTS (beta) - Installation with FDE failed. The preconfigured encrypted setup option, failed with Python arguments errors. And manually configured and partitioned setup failed, because it did not detect device mapped root correctly -> not possible to install on it. Let’s hope the final version fixes these both annoying issues. I did update the installer with latest version just before running the install, so the image had even older installer, which I didn’t use. #Xubuntu #LTS #LUKS2 #FDE #fail #installation #Linux
-
This week has been full of major improvements to my #Linux setup across my #ThinkPads. I now have:
1. Significantly faster boot times due to quicker #LUKS decryption by separating out #boot and #EFI into separate volumes.
2. Upgrade from #LUKS1 to #LUKS2 (while most of the rest of my setup)
3. Better visuals for LUKS passphrase prompts using (finally) #plymouthI couldn't have asked for more improvements in barely two days.
-
This week has been full of major improvements to my #Linux setup across my #ThinkPads. I now have:
1. Significantly faster boot times due to quicker #LUKS decryption by separating out #boot and #EFI into separate volumes.
2. Upgrade from #LUKS1 to #LUKS2 (while most of the rest of my setup)
3. Better visuals for LUKS passphrase prompts using (finally) #plymouthI couldn't have asked for more improvements in barely two days.
-
This week has been full of major improvements to my #Linux setup across my #ThinkPads. I now have:
1. Significantly faster boot times due to quicker #LUKS decryption by separating out #boot and #EFI into separate volumes.
2. Upgrade from #LUKS1 to #LUKS2 (while most of the rest of my setup)
3. Better visuals for LUKS passphrase prompts using (finally) #plymouthI couldn't have asked for more improvements in barely two days.
-
This week has been full of major improvements to my #Linux setup across my #ThinkPads. I now have:
1. Significantly faster boot times due to quicker #LUKS decryption by separating out #boot and #EFI into separate volumes.
2. Upgrade from #LUKS1 to #LUKS2 (while most of the rest of my setup)
3. Better visuals for LUKS passphrase prompts using (finally) #plymouthI couldn't have asked for more improvements in barely two days.
-
This week has been full of major improvements to my #Linux setup across my #ThinkPads. I now have:
1. Significantly faster boot times due to quicker #LUKS decryption by separating out #boot and #EFI into separate volumes.
2. Upgrade from #LUKS1 to #LUKS2 (while most of the rest of my setup)
3. Better visuals for LUKS passphrase prompts using (finally) #plymouthI couldn't have asked for more improvements in barely two days.
-
Gut, dass es #TestDisk gibt: Jemand überschrieb versehentlich eine Partitionstabelle (GPT). Darauf befand sich nur eine #LUKS2-Partition. Mit #TestDisk ließ sich das zum Glück regeln.
Aber ganz trivial war es dann doch nicht: TestDisk erkennt nur die Minimalgröße von LUKS-Partitionen und stellt diese wieder her und kennt nicht das tatsächliche Ende. Und entschlüsseln ließ sich das Ding auch nicht: "Invalid argument" nach korrekter Angabe des Schlüssels.
Stellt sich raus: Die Partitionsgröße muss ein Vielfaches der Sektorgröße (hier 4096) sein, sonst geht da gar nix. Also auf die nächstgrößere Partitionsgröße mit
partederweitert und dann gings. :awesome: -
Microsoft gerät in die Datenschutzkritik: Der Konzern soll BitLocker-Schlüssel an das FBI weitergegeben haben – mit Folgen für das Vertrauen in Cloud-Sicherheit 🔐🇺🇸 Mehr dazu: https://www.golem.de/news/datenschutzdebatte-microsoft-gibt-bitlocker-schluessel-an-fbi-weiter-2601-204576.html #Microsoft #BitLocker #Datenschutz #FBI #Newz
Die coolen Kidz nutzen #Linux mit #LUKS2 & #Argon2id
Es gibt auch #Veracrypt statt Bitlocker
https://www.drensec.com/kostenlose-festplattenverschluesselung-fuer-windows-11-mit-veracrypt/
-
I know probably nobody's gonna care, but support for #Argon2 was finally merged in upstream #grub and I'm so happy. I kinda disliked the fact that we had to rely on downstream patches. Now that it's all upstream, I can setup full disk encryption, including /boot, with #luks2 on my #libreboot #thinkpad
-
I organized my #storage like this. I think it's quite well thought out. All disks are SED hardware encrypted with TCG OPAL, root @ and @ home subvolumes are on #btrfs (mdadm RAID1), additionally encrypted with #LUKS2. A fast storage for less important local data is on NVMe drives. Data on large SATA drives is encrypted in LUKS images or using a cloud-friendly filesystems (#gocryptfs), quickly synchronized via LAN sync, and efficiently synced with cloud storage using block-level sync.
-
Thank you for sounding the alert!
I identified a minor issue with your otherwise nice explanation: According to my sources (man cryptsetup, #rfc9106), all #argon2 varieties are memory-hard. RFC 9106 is even titled “Argon2 Memory-Hard Function for Password Hashing and Proof-of-Work Applications”.
However, given that there are known attacks against #argon2i, it seems wise to use #argon2id instead. It is also what is recommended in the RFC.
As a #QubesOS user, I just checked the state of affairs there:
The cryptsetup that comes with QubesOS 3.x used #luks1, and those who did an in-place upgrade to 4.x still have that unless they converted to #luks2 manually (as detailed in the migration guide).
The cryptsetup in QubesOS 4.x uses #luks2, but it still defaults to #argon2i unfortunately.
-
If you plan to use Grub 2.06 with LUKS2 note that:
> - Argon2id (cryptsetup default) and Argon2i PBKDFs are not supported (GRUB bug #59409), only PBKDF2 is.
> - grub-install does not support creating a core image that could be used for unlocking LUKS2.
(https://wiki.archlinux.org/title/GRUB#LUKS2)Just had a hard long time debugging because I assumed full support which is not the case yet.
Also `grub-mkconfig` or `grub-install` do not bother to warn you about any incompatibility. The crypto commands are just silently omitted. 😑