10 comments

[ 2.7 ms ] story [ 32.5 ms ] thread
tldr: LUKS2 and Argon are better than LUKS1 and PBKDF
Is there any reason why LUKS and other data-at-rest encryption programs don't use the VeraCrypt method of key derivation?

In VC you can choose one or more hash functions for key derivation. The trick is whichever you choose is not known to the attacker as this choice is never stored. Choosing anything other than the default one decimates brute force speed.

(comment deleted)
That's just a password with extra steps.

If you're chosing from a family of good hash functions, then its like adding a few bits of security to your password. Better just to have a longer password.

If you are choosing from arbitrary hash functions including bad ones, then this is an absolutely terrible idea.

So basically its either a neutral or bad idea. I wouldn't reccomend it.

Can anyone tell me why so many distros only offer LUKS instead of LUKS2 at installation phase?
Their LUKS implementation defaults to LUKS2, because cryptsetup defaults to LUKS2. So it's just words.

The only semi-valid reason nowadays to use LUKS1 is encryption of /boot for GRUB.

>If your USB drives contain shorter than recommended passphrases (fewer than seven words), update immediately and change passwords.

The linked Tails security advisory[1] says:

>We recommend you change the passphrase of your Persistent Storage and other LUKS encrypted volumes unless you use a long passphrase of 5 random words or more.

When talking in terms of passphrases, using a memory hard hash like Argon2 over PBKDF2 will get you an advantage of less than a single word. The real magic is in the passphrase length and the randomness of the words.

[1] https://tails.boum.org/security/argon2id/index.en.html