How safe is luks?

Question

I constantly think about encryption, and how safe it might be. The general information I have tends to be secured by passwords that range in the hundreds with random key combinations in between random words and such. That's just for the general stuff, the more sensitive stuff is secured with keyfile's.

How safe would luks (Linux Unified Key Setup) be against government investigation. Lets say I'm in the US, or another country and the government decides to confiscate my drives. I read about the powerful computers the government buys. I just imagine throwing my drive in one of these and brute forcing the partitions. Imagining how long it would take. I know key-file's are more secure against such attacks. I imagine getting a key-file on a small partitioned USB and putting it in a live rasberry pi to carry around and have a push button to activate a crypto-graphically secure wipe/overwrite of the key file if I feel its in danger of being taken. How safe would you say Luks is against such an attack? 8192kB is the Max Keyfile size, I dont like this.

I use dd if=/dev/urandom of=/key bs=8192KB count=1 to generate keyfiles. What are your honest thoughts about the security of this kind of encryption against government or powerful computers?

Any true crypt alternatives that offer ultra encryption like true crypt could? I'm a tor/tails user, a Faraday cage enthusiast and a blanket wielding password typer. Thank you for your thoughts.

https://askubuntu.com/questions/97196/how-secure-is-an-encrypted-luks-filesystem — Alcuin Arundel, Jun 21 '16 at 04:18

score 0 · Answer 1 · answered Jun 22 '16 at 08:45

You may want to investigate how some common encryption schemes like AES work, keys are actually 16 to 64 bytes (maybe 256 or 512?). Having a 10 billion byte passphrase won't really add anything except confusion for you.

Also consider that if a government is investigating you, they could search every device & drive you have anywhere (house, car, work, buried in yard, swallowed, etc), a keyfile would probably help them a lot.

I haven't read anything about Luks being less secure than pgp/gpg, and it has thwarted a few government investigations.

I believe several governments and large corporations use & trust Linux and LUKS, so if it's good enough for them...

score 0 · Answer 2 · answered Jun 28 '16 at 19:42

alternative to old truecrypt is Veracrypt. Supposedly continuing where truecrypt left off. As Veracrypt can encrypt folders, you can have a LUKS volume with a Veracryt container with your photos of the president's wife naked, and they probably won't get to them. However, since the government pays Intel for backdoors into your PC with the firmware chips, who knows, it may store your passwords there?

How safe is luks?

2 Answers2