7

I previously had been using TrueCrypt, but recently re-installed Ubuntu and used 12.10's full disk encryption option (re-installed for other reasons). I never got any choice in how it did that. I don't know what cipher is used or the key size, or anything besides the passphrase really. Where can I find details about this sda5_crypt?

Edit: Seeing this mistake is humorous, but for those curious, sda5 refers to the hard drive and partition, not the encryption system.

  • 2
    possible duplicates - http://askubuntu.com/questions/102271/are-there-any-known-vulnerabilities-to-ubuntus-full-disk-encryption-feature, and http://askubuntu.com/questions/187874/how-will-12-10-disk-encryption-affect-performance – jrg Dec 12 '12 at 22:04
  • 2
    Not an exact dupe but I think your answer is here. – Tom Brossman Dec 12 '12 at 22:16
  • eCryptfs, flexible and easy to use. The only drawback I can think of is that it is NOT cross-platform like TrueCrypt (file container is so flexible). https://help.ubuntu.com/12.04/serverguide/ecryptfs.html – Terry Wang Dec 12 '12 at 22:16
  • Thank you Tom. I don't understand why that's not expressed to the user when they're setting it up. – Dakota West Dec 12 '12 at 22:28
  • 3
    To commentators above: please don't confuse eCryptfs (homedir) and dm-crypt (FDE). – gertvdijk Dec 12 '12 at 22:44
  • Ok, mixed up there. So what is the default algorithm for FDE?

    Edit: AES-XTS

    – Dakota West Dec 12 '12 at 22:54

1 Answer

5

Full disk encryption uses the dm-crypt kernel module, managed by LUKS/cryptsetup. If you choose to encrypt your home directory, eCryptfs is used instead. These are two different technologies. I assume you chose full disk encryption here in my answer.

Use the command

# cryptsetup luksDump /dev/sda5

to view the current detailed configuration for sda5. And another example:

# cryptsetup status sda5_crypt
/dev/mapper/sda5_crypt is active and is in use.
  type:    LUKS1
  cipher:  aes-cbc-essiv:sha256
[...]

Read more on dm-crypt on Wikipedia: dm-crypt and more on eCryptfs on Wikipedia: eCryptfs.

gertvdijk
  • 1
    Thank you. Mine shows AES-XTS with a 512 bit key. Is that the default or does it vary by CPU? – Dakota West Dec 12 '12 at 22:55
  • Varies by Ubuntu default options in the installation I guess. This may have changed since 12.10 as I'm still on 12.04 and it was possible to select the cipher yourself in the 'alternate' installer, unavailable since 12.10. – gertvdijk Dec 12 '12 at 22:58
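
The header check discussed in the answer and its comments, as an added example (not part of the original answer or of cryptsetup): a small filter that reads LUKS1 `cryptsetup luksDump` text and reports the cipher, master-key size, per-cipher key size and enabled key slots. The function names `luks_summary` and `sample_dump` are hypothetical, and the sample header is constructed and abbreviated.

```shell
#!/bin/sh
# Added example: summarise the LUKS1 header printed by `cryptsetup luksDump`.
# Real use (as root): cryptsetup luksDump /dev/sda5 | luks_summary

luks_summary() {
    awk '
    {
        i = index($0, ":")              # split on the FIRST colon only, because
        if (i == 0) next                # modes like cbc-essiv:sha256 contain one
        key = substr($0, 1, i - 1)
        val = substr($0, i + 1)
        sub(/^[ \t]+/, "", val)
    }
    key == "Cipher name" { name = val }
    key == "Cipher mode" { mode = val }
    key == "Hash spec"   { hash = val }
    key == "MK bits"     { bits = val + 0 }
    key ~ /^Key Slot [0-7]$/ && val == "ENABLED" { slots++ }
    END {
        if (name == "" || mode == "" || bits == 0) {
            print "error: no LUKS1 header fields found" > "/dev/stderr"
            exit 1
        }
        # XTS uses two keys of equal size (data + tweak), so a 512-bit
        # master key means AES-256, not a 512-bit AES key.
        eff = (mode ~ /^xts/) ? bits / 2 : bits
        printf "cipher=%s-%s mk_bits=%d cipher_key_bits=%d hash=%s slots=%d\n", name, mode, bits, eff, hash, slots
    }'
}

# Constructed, abbreviated sample of luksDump output (not from a real disk).
sample_dump() {
    cat <<'EOF'
LUKS header information for /dev/sda5

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha1
Payload offset: 4096
MK bits:        512

Key Slot 0: ENABLED
Key Slot 1: DISABLED
EOF
}

sample_dump | luks_summary
```

The `slots` figure counts how many passphrases or key files can currently unlock the volume, which is worth checking after a reinstall.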