Difference between revisions of "Linux Unified Key Setup (LUKS)"
From ForensicsWiki
Joachim Metz (Talk | contribs) |
Joachim Metz (Talk | contribs) (→How to detect) |
||
Line 26: | Line 26: | ||
00000040 00 00 00 00 00 00 00 00 72 69 70 65 6d 64 31 36 |........ripemd16| | 00000040 00 00 00 00 00 00 00 00 72 69 70 65 6d 64 31 36 |........ripemd16| | ||
00000050 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |0...............| | 00000050 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |0...............| | ||
+ | </pre> | ||
+ | |||
+ | The encryption mode is in the format: | ||
+ | <pre> | ||
+ | chaining_mode[-initialization_vector_mode[:initialization_vector_options]] | ||
+ | </pre> | ||
+ | |||
+ | Which in the example is: | ||
+ | <pre> | ||
+ | cbc-essiv:sha256 | ||
+ | </pre> | ||
+ | |||
+ | And the password hashing method in the example is: | ||
+ | <pre> | ||
+ | ripemd160 | ||
</pre> | </pre> | ||
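Review bot: the added paragraphs describe the encryption mode and hash strings but never state where in the header each one is stored, so the reader has to work it out from the dump. In the context line at 00000040 the hash string begins at offset 0x48. I suggest stating each field's offset next to its description, so the text can be checked against the hexdump directly.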
Revision as of 17:52, 23 December 2013
Linux Unified Key Setup (LUKS) is commonly used by Linux to encrypt storage media volumes. LUKS is implemented in the Linux kernel in dm-crypt (dm = Device Mapper) and the user-space component cryptsetup.
LUKS supports various encryption methods, like:
These encryption methods can be used in various chaining modes and with various initialization vector modes.
How to detect
A LUKS encrypted volume starts with the "LUKS\xba\xbe" signature.
A hexdump of the start of the volume should look similar to:
00000000 4c 55 4b 53 ba be 00 01 61 65 73 00 00 00 00 00 |LUKS....aes.....|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000020 00 00 00 00 00 00 00 00 63 62 63 2d 65 73 73 69 |........cbc-essi|
00000030 76 3a 73 68 61 32 35 36 00 00 00 00 00 00 00 00 |v:sha256........|
00000040 00 00 00 00 00 00 00 00 72 69 70 65 6d 64 31 36 |........ripemd16|
00000050 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |0...............|
The encryption mode is in the format:
chaining_mode[-initialization_vector_mode[:initialization_vector_options]]
Which in the example is:
cbc-essiv:sha256
And the password hashing method in the example is:
ripemd160
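The detection steps above can be automated. The following is an added example, not part of the original article or of cryptsetup: it checks the signature, reads the three strings visible in the hexdump and splits the mode string according to the format given above. The function and type names are hypothetical, and the 32-byte field widths are taken from the LUKS on-disk format specification (version 1), which matches the offsets 0x08, 0x28 and 0x48 seen in the dump.

```python
import struct
from typing import NamedTuple, Optional, Tuple

LUKS_MAGIC = b"LUKS\xba\xbe"
# magic[6], version (big-endian uint16), then three 32-byte NUL-padded
# strings: cipher name (0x08), cipher mode (0x28), hash spec (0x48).
HEADER_FMT = ">6sH32s32s32s"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 104 bytes


class LuksInfo(NamedTuple):
    version: int
    cipher: str
    chaining_mode: str
    iv_mode: Optional[str]
    iv_options: Optional[str]
    hash_spec: str


def _cstr(raw: bytes) -> str:
    """Decode a NUL-padded ASCII field, ignoring anything after the first NUL."""
    return raw.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def split_mode(mode: str) -> Tuple[str, Optional[str], Optional[str]]:
    """Split chaining_mode[-iv_mode[:iv_options]] into its three parts."""
    chaining, _, iv = mode.partition("-")
    iv_mode, _, iv_options = iv.partition(":")
    return chaining, iv_mode or None, iv_options or None


def parse_luks_header(data: bytes) -> Optional[LuksInfo]:
    """Return header details, or None if data does not start with a LUKS header."""
    if len(data) < HEADER_LEN or not data.startswith(LUKS_MAGIC):
        return None
    _, version, cipher, mode, hash_spec = struct.unpack_from(HEADER_FMT, data)
    if version != 1:
        # The field layout used here is the version 1 layout shown in the dump.
        raise ValueError(f"unsupported LUKS header version {version}")
    return LuksInfo(version, _cstr(cipher), *split_mode(_cstr(mode)), _cstr(hash_spec))


# Constructed sample: the header bytes from the hexdump above, zero-padded
# to the end of the hash spec field.
SAMPLE = (LUKS_MAGIC + b"\x00\x01" + b"aes".ljust(32, b"\x00")
          + b"cbc-essiv:sha256".ljust(32, b"\x00") + b"ripemd160".ljust(32, b"\x00"))

if __name__ == "__main__":
    print(parse_luks_header(SAMPLE))
```

To check a real volume or image, pass the first 104 bytes read from it to `parse_luks_header`.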
External Links
- New Methods in Hard Disk Encryption, by Clemens Fruhwirth, July 18, 2005
- LUKS On-Disk Format Specification - Version 1.2.1, by Clemens Fruhwirth, October 16, 2011
- LUKS Disk Encryption, by RedHat
- LUKS Disk Encryption format specification, by the libluksde project, July 2013
- Practical malleability attack against CBC-Encrypted LUKS partitions, by Jakob Lell, December 22, 2013