Difference between revisions of "Linux Unified Key Setup (LUKS)"

From ForensicsWiki
 
(4 intermediate revisions by the same user not shown)
Line 4: Line 4:
  
 
LUKS supports various encryption methods, like:
 
LUKS supports various encryption methods, like:
 +
* [[RC4 | Alleged RC4 (ARC4)]]
 
* [[AES]]
 
* [[AES]]
 
* [[Anubis]]
 
* [[Anubis]]
Line 26: Line 27:
 
00000040  00 00 00 00 00 00 00 00  72 69 70 65 6d 64 31 36  |........ripemd16|
 
00000040  00 00 00 00 00 00 00 00  72 69 70 65 6d 64 31 36  |........ripemd16|
 
00000050  30 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |0...............|
 
00000050  30 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |0...............|
 +
</pre>
 +
 +
The encryption method in the example is:
 +
<pre>
 +
aes
 +
</pre>
 +
 +
The encryption mode is in the format:
 +
<pre>
 +
chaining_mode[-initialization_vector_mode[:initialization_vector_options]]
 +
</pre>
 +
 +
Which in the example is:
 +
<pre>
 +
cbc-essiv:sha256
 +
</pre>
 +
 +
And the password hashing method in the example is:
 +
<pre>
 +
ripemd160
 
</pre>
 
</pre>
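Review bot: the explanation added after the hexdump lists the three values (aes, cbc-essiv:sha256, ripemd160) without saying where in the dump each one is read from. Consider stating the offset of each field, for example that the hash name in the rows shown starts at 0x48. Also consider mapping the example onto the format line, so the reader sees that cbc is the chaining_mode, essiv the initialization_vector_mode and sha256 the initialization_vector_options.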
  

Latest revision as of 14:13, 23 December 2013


Linux Unified Key Setup (LUKS) is commonly used by Linux to encrypt storage media volumes. LUKS is implemented in the Linux kernel in dm-crypt (dm = Device Mapper) and the user-space component cryptsetup.

LUKS supports various encryption methods, like:

These encryption methods can be used in various chaining modes and with various initialization vector modes.

How to detect

A LUKS encrypted volume starts with the "LUKS\xba\xbe" signature.

A hexdump of the start of the volume should look similar to:

00000000  4c 55 4b 53 ba be 00 01  61 65 73 00 00 00 00 00  |LUKS....aes.....|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000020  00 00 00 00 00 00 00 00  63 62 63 2d 65 73 73 69  |........cbc-essi|
00000030  76 3a 73 68 61 32 35 36  00 00 00 00 00 00 00 00  |v:sha256........|
00000040  00 00 00 00 00 00 00 00  72 69 70 65 6d 64 31 36  |........ripemd16|
00000050  30 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |0...............|

The encryption method in the example is:

aes

The encryption mode is in the format:

chaining_mode[-initialization_vector_mode[:initialization_vector_options]]

Which in the example is:

cbc-essiv:sha256

And the password hashing method in the example is:

ripemd160
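
The detection steps above can be scripted. This is an added example, not code from the wiki page or from cryptsetup. It assumes the LUKS version 1 layout, which the hexdump is consistent with: a big-endian 16-bit version at offset 6 and three NUL-padded 32-byte text fields at offsets 0x08, 0x28 and 0x48. The function and constant names are hypothetical.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
# Assumed LUKS version 1 layout: (offset, length) of each NUL-padded text field.
FIELDS = {"cipher": (8, 32), "mode": (40, 32), "hash": (72, 32)}
HEADER_MIN = 104  # bytes needed to cover the magic, the version and the three fields


def _text(buf, offset, length):
    """Return the NUL-terminated ASCII string stored in a fixed-width field."""
    raw = buf[offset:offset + length].split(b"\x00", 1)[0]
    return raw.decode("ascii", errors="replace")


def split_mode(mode):
    """Split chaining_mode[-iv_mode[:iv_options]] into its three parts."""
    chaining, _, iv = mode.partition("-")
    iv_mode, _, iv_opts = iv.partition(":")
    return chaining, iv_mode or None, iv_opts or None


def parse_luks_header(buf):
    """Return the header fields as a dict, or None if buf does not start a LUKS volume."""
    if len(buf) < HEADER_MIN or not buf.startswith(LUKS_MAGIC):
        return None
    (version,) = struct.unpack_from(">H", buf, 6)
    if version != 1:
        # Other versions use a different layout; report only the version number.
        return {"version": version}
    info = {name: _text(buf, off, ln) for name, (off, ln) in FIELDS.items()}
    info["version"] = version
    info["chaining"], info["iv_mode"], info["iv_options"] = split_mode(info["mode"])
    return info


# Constructed sample matching the hexdump above, padded to the full field widths.
SAMPLE = (LUKS_MAGIC + b"\x00\x01" + b"aes".ljust(32, b"\x00")
          + b"cbc-essiv:sha256".ljust(32, b"\x00") + b"ripemd160".ljust(32, b"\x00"))

if __name__ == "__main__":
    print(parse_luks_header(SAMPLE))
    print(parse_luks_header(b"\x00" * 512))  # not a LUKS volume, prints None
```

To check a real image, read its first 104 bytes in binary mode and pass them to parse_luks_header.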

External Links