Difference between revisions of "Linux Unified Key Setup (LUKS)"

From Forensics Wiki
Jump to: navigation, search
(External Links)
 
(10 intermediate revisions by one user not shown)
Line 4: Line 4:
  
 
LUKS supports various encryption methods, like:
 
LUKS supports various encryption methods, like:
 +
* [[RC4 | Alleged RC4 (ARC4)]]
 
* [[AES]]
 
* [[AES]]
 
* [[Anubis]]
 
* [[Anubis]]
Line 10: Line 11:
 
* [[Cast6]]
 
* [[Cast6]]
 
* [[Serpent]]
 
* [[Serpent]]
 +
* Tnepres a reversed variant of [[Serpent]]
 
* [[Twofish|TwoFish]]
 
* [[Twofish|TwoFish]]
  
 
These encryption methods can be used in various chaining modes and with various initialization vector modes.
 
These encryption methods can be used in various chaining modes and with various initialization vector modes.
 +
 +
== How to detect ==
 +
A LUKS encrypted volume starts with the "LUKS\xba\xbe" signature.
 +
 +
A hexdump of the start of the volume should look similar to:
 +
<pre>
 +
00000000  4c 55 4b 53 ba be 00 01  61 65 73 00 00 00 00 00  |LUKS....aes.....|
 +
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 +
00000020  00 00 00 00 00 00 00 00  63 62 63 2d 65 73 73 69  |........cbc-essi|
 +
00000030  76 3a 73 68 61 32 35 36  00 00 00 00 00 00 00 00  |v:sha256........|
 +
00000040  00 00 00 00 00 00 00 00  72 69 70 65 6d 64 31 36  |........ripemd16|
 +
00000050  30 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |0...............|
 +
</pre>
 +
 +
The encryption method in the example is:
 +
<pre>
 +
aes
 +
</pre>
 +
 +
The encryption mode is in the format:
 +
<pre>
 +
chaining_mode[-initialization_vector_mode[:initialization_vector_options]]
 +
</pre>
 +
 +
Which in the example is:
 +
<pre>
 +
cbc-essiv:sha256
 +
</pre>
 +
 +
And the password hashing method in the example is:
 +
<pre>
 +
ripemd160
 +
</pre>
  
 
== External Links ==
 
== External Links ==
Line 18: Line 53:
 
* [http://wiki.cryptsetup.googlecode.com/git/LUKS-standard/on-disk-format.pdf LUKS On-Disk Format Specification - Version 1.2.1], by Clemens Fruhwirth, October 16, 2011
 
* [http://wiki.cryptsetup.googlecode.com/git/LUKS-standard/on-disk-format.pdf LUKS On-Disk Format Specification - Version 1.2.1], by Clemens Fruhwirth, October 16, 2011
 
* [https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption.html LUKS Disk Encryption], by [[RedHat]]
 
* [https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption.html LUKS Disk Encryption], by [[RedHat]]
 +
* [https://googledrive.com/host/0B3fBvzttpiiSNUVYSFF1TmRONmc/Linux%20Unified%20Key%20Setup%20(LUKS)%20Disk%20Encryption%20format.pdf LUKS Disk Encryption format specification], by the [[libluksde|libluksde project]], July 2013
 
* [http://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-against-cbc-encrypted-luks-partitions/ Practical malleability attack against CBC-Encrypted LUKS partitions], by Jakob Lell, December 22, 2013
 
* [http://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-against-cbc-encrypted-luks-partitions/ Practical malleability attack against CBC-Encrypted LUKS partitions], by Jakob Lell, December 22, 2013
  

Latest revision as of 13:13, 23 December 2013

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Linux Unified Key Setup (LUKS) is commonly used by Linux to encrypt storage media volumes. LUKS is implemented in the Linux kernel in dm-crypt (dm = Device Mapper) and the user-space component cryptsetup.

LUKS supports various encryption methods, like:

These encryption methods can be used in various chaining modes and with various initialization vector modes.

How to detect

A LUKS encrypted volume starts with the "LUKS\xba\xbe" signature.

A hexdump of the start of the volume should look similar to:

00000000  4c 55 4b 53 ba be 00 01  61 65 73 00 00 00 00 00  |LUKS....aes.....|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000020  00 00 00 00 00 00 00 00  63 62 63 2d 65 73 73 69  |........cbc-essi|
00000030  76 3a 73 68 61 32 35 36  00 00 00 00 00 00 00 00  |v:sha256........|
00000040  00 00 00 00 00 00 00 00  72 69 70 65 6d 64 31 36  |........ripemd16|
00000050  30 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |0...............|

The encryption method in the example is:

aes

The encryption mode is in the format:

chaining_mode[-initialization_vector_mode[:initialization_vector_options]]

Which in the example is:

cbc-essiv:sha256

And the password hashing method in the example is:

ripemd160

External Links