Is there any reason why LUKS and other data-at-rest encryption programs don't use the VeraCrypt method of key derivation?
In VC you can choose one or more hash functions for key derivation. The trick is whichever you choose is not known to the attacker as this choice is never stored. Choosing anything other than the default one decimates brute force speed.
If you're chosing from a family of good hash functions, then its like adding a few bits of security to your password. Better just to have a longer password.
If you are choosing from arbitrary hash functions including bad ones, then this is an absolutely terrible idea.
So basically its either a neutral or bad idea. I wouldn't reccomend it.
In general cryptosystems are easier to analyze and design when the secret and open parts are clearly delineated. Having half-secret info like the choice of specific algorithm is problematic
>If your USB drives contain shorter than recommended passphrases (fewer than seven words), update immediately and change passwords.
The linked Tails security advisory[1] says:
>We recommend you change the passphrase of your Persistent Storage and other LUKS encrypted volumes unless you use a long passphrase of 5 random words or more.
When talking in terms of passphrases, using a memory hard hash like Argon2 over PBKDF2 will get you an advantage of less than a single word. The real magic is in the passphrase length and the randomness of the words.
Daily reminder that your LUKS volumes can be configured to be unlocked with a single tap using any FIDO2 hardware key (with an optional passphrase fallback for which you can use a long diceware).
10 comments
[ 2.7 ms ] story [ 32.5 ms ] threadIn VC you can choose one or more hash functions for key derivation. The trick is whichever you choose is not known to the attacker as this choice is never stored. Choosing anything other than the default one decimates brute force speed.
If you're chosing from a family of good hash functions, then its like adding a few bits of security to your password. Better just to have a longer password.
If you are choosing from arbitrary hash functions including bad ones, then this is an absolutely terrible idea.
So basically its either a neutral or bad idea. I wouldn't reccomend it.
In general cryptosystems are easier to analyze and design when the secret and open parts are clearly delineated. Having half-secret info like the choice of specific algorithm is problematic
The only semi-valid reason nowadays to use LUKS1 is encryption of /boot for GRUB.
The linked Tails security advisory[1] says:
>We recommend you change the passphrase of your Persistent Storage and other LUKS encrypted volumes unless you use a long passphrase of 5 random words or more.
When talking in terms of passphrases, using a memory hard hash like Argon2 over PBKDF2 will get you an advantage of less than a single word. The real magic is in the passphrase length and the randomness of the words.
[1] https://tails.boum.org/security/argon2id/index.en.html
http://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-f...
systemd is not required, it just simplifies enrollment.