Sections
+ 1. General Questions2. Setup3. Common Problems4. Troubleshooting5.
+ Security Aspects6. Backup and Data Recovery7. Issues with Specific
+ Versions of cryptsetupA. Contributors
-1. General Questions
-2. Setup
-3. Common Problems
-4. Troubleshooting
-5. Security Aspects
-6. Backup and Data Recovery
-7. Issues with Specific Versions of cryptsetup
-A. Contributors
-
-
-1. General Questions
-
+ 1. General Questions
* What is this?
limitations imposed by the LUKS security model BEFORE you face such
a disaster!
-
* Who wrote this?
Current FAQ maintainer is Arno Wagner <arno@wagner.name>. Other
this license is best suited for the purpose at hand and creates the
least problems.
-
* Where is the project website?
There is the project website at http://code.google.com/p/cryptsetup/
Please do not post questions there, nobody will read them. Use
the mailing-list instead.
-
* Is there a mailing-list?
Instructions on how to subscribe to the mailing-list are at on the
with just the word "help" in the subject or message body. Make sure
to send it from your list address.
-
-2. Setup
-
+ 2. Setup
* Can I encrypt an already existing, non-empty partition to use
LUKS?
For backup, plain GNU tar works well and backs up anything likely
to be in a filesystem.
-
* How do I use LUKS with a loop-device?
Just the same as with any block device. If you want, for example,
Afterwards just use /dev/loop0 as a you would use a LUKS partition.
To unmap the file when done, use "losetup -d /dev/loop0".
-
* When I add a new key-slot to LUKS, it asks for a passphrase but
then complains about there not being a key-slot with that
passphrase?
the already configured key-slots in order to be able to configure a
new key-slot.
-
* How do I read a dm-crypt key from file?
Note that the file will still be hashed first, just like keyboard
cryptsetup create --key-file keyfile e1 /dev/loop0
-
* How do I read a LUKS slot key from file?
What you really do here is to read a passphrase from file, just as
cryptsetup luksOpen --key-file keyfile /dev/loop0 e1
-
* How do I read the LUKS master key from file?
The question you should ask yourself first, is why you would want
good reason, please tell me. If I am convinced, I will add how to
do this here.
-
* What are the security requirements for a key read from file?
A file-stored key or passphrase has the same security requirements
head -c 256 /dev/random > keyfile
-
* If I map a journaled file system using dm-crypt/LUKS, does it
still provide its usual transactional guarantees?
better with kernel 2.6.36 and the reworking of filesystem flush
locking. Kernel 2.6.37 is expected to improve this even further.
-
* Can I use LUKS or cryptsetup with a more secure (external) medium
for key storage, e.g. TPM or a smartcard?
own tool that in turn gets the key from the more secure key
storage.
-
* Can I resize a dm-crypt or LUKS partition?
Yes, you can, as neither dm-crypt nor LUKS stores partition size.
encrypted container sizes larger than 2TiB. Use aes-xts-plain64
for that.
-
-3. Common Problems
-
+ 3. Common Problems
* My dm-crypt/LUKS mapping does not work! What general steps are
there to investigate the problem?
If you get a specific error message, investigate what it claims
first. If not, you may want to check the following things.
- - Check that "/dev", including "/dev/mapper/control" is there. If it is
- missing, you may have a problem with the "/dev" tree itself or you
- may have broken udev rules.
+ - Check that "/dev", including "/dev/mapper/control" is there. If it
+ is missing, you may have a problem with the "/dev" tree itself or
+ you may have broken udev rules.
- - Check that you have the device mapper and the crypt target in your kernel.
- The output of "dmsetup targets" should list a "crypt" target. If it
- is not there or the command fails, add device mapper and
- crypt-target to the kernel.
-
- - Check that the hash-functions and ciphers you want to use are in the kernel.
- The output of "cat /proc/crypto" needs to list them.
+ - Check that you have the device mapper and the crypt target in your
+ kernel. The output of "dmsetup targets" should list a "crypt"
+ target. If it is not there or the command fails, add device mapper
+ and crypt-target to the kernel.
+ - Check that the hash-functions and ciphers you want to use are in
+ the kernel. The output of "cat /proc/crypto" needs to list them.
* My dm-crypt mapping suddenly stopped when upgrading cryptsetup.
from 1.0.x to 1.1.x). See under "Issues With Specific Versions of
cryptsetup".
-
* When I call cryptsetup from cron/CGI, I get errors about unknown
features?
from cron/CGI or the non-shell mechanism to be sure you have the
right version.
-
* Unlocking a LUKS device takes very long. Why?
The iteration time for a key-slot (see Section 5 for an explanation
to 10, but it is now derived from the PBKDF2 benchmark as well and
set to iterations in 0.125 sec or 1000, whichever is larger.
-
* "blkid" sees a LUKS UUID and an ext2/swap UUID on the same device.
What is wrong?
dd if=/dev/zero of=<device> bs=512 seek=2 count=6
-
* cryptsetup segfaults on Gentoo amd64 hardened ...
There seems to be some inteference between the hardening and and
other uses, you can apparently specify USE="dynamic" as compile
flag, see http://bugs.gentoo.org/show_bug.cgi?id=283470
-
-4. Troubleshooting
-
+ 4. Troubleshooting
* Can a bad RAM module cause problems?
itself did not report any problems. If you find defect RAM, assume
all backups and copied data to be suspect, unless you did a verify.
-
* How do I test RAM?
First you should know that overclocking often makes memory problems
recommend running the following procedure until the first error is
found:
- - Run Memtest86+ for one cycle
- - Run memterster for one cycle (shut down as many other applications as possible)
+ - Run Memtest86+ for one cycle
+
+ - Run memterster for one cycle (shut down as many other applications
+ as possible)
+
- Run Memtest86+ for 24h or more
- - Run memtester for 24h or more
+
+ - Run memtester for 24h or more
+
If all that does not produce error messages, your RAM may be sound,
but I have had one weak bit that Memtest86+ needed around 60 hours
to find. If you can reproduce the original problem reliably, a good
the settings to the most conservative ones available and try with
that.
-
-5. Security Aspects
-
+ 5. Security Aspects
* Should I initialize (overwrite) a new LUKS/dm-crypt partition?
cat /dev/zero > /dev/mapper/e1
dd if=/dev/zero of=/dev/mapper/e1
-
* How do I securely erase a LUKS (or other) partition?
For LUKS, if you are in a desperate hurry, overwrite the first few
dd_rescue -w /dev/zero /dev/sda10
-
* How do I securely erase a backup of a LUKS partition or header?
That depends on the medium it is stored on. For HDD and SSD, use
after overwrites. Also write-head alignment issues can lead to
data not actually being deleted at all during overwrites.
-
* What about backup? Does it compromise security?
That depends. See next section.
-
* Why is all my data gone if I overwrite the LUKS header?
Overwriting the LUKS header in part or in full is the most common
the running system. Ask on the mailing-list on how to do that and
make sure nobody switches off the machine.
-
* What is a "salt"?
A salt is a random key-grade value added to the passphrase before
reasonably-sized salt value (256 bit, e.g.) this is quite
infeasible.
-
* Is LUKS secure with a low-entropy (bad) passphrase?
This needs a bit of theory. The quality of your passphrase is
either!) If you add 2 or 3 typos or switch some words around, then
this is good passphrase material.
-
* What is "iteration count" and why is decreasing it a bad idea?
Iteration count is the number of PBKDF2 iterations a passphrase is
vulnerable. Lowering it even further increases this danger
significantly.
-
* Is LUKS with default parameters less secure on a slow CPU?
Unfortunately, yes. However the only aspect affected is the
passphrases on fast CPUs. Technology can do only so much to
compensate for problems in front of the keyboard.
-
* Why was the default aes-cbc-plain replaced with aes-cbc-essiv?
The problem is that cbc-plain has a fingerprint vulnerability, where
encryption key as key. This makes the IV unpredictable without
knowing the encryption key and the watermarking attack fails.
-
* Are there any problems with "plain" IV? What is "plain64"?
First, "plain" and "plain64" are both not safe to use with CBC, see
volume sizes <= 2TiB, but not for those > 2TiB. Finally, "plain64"
does not cause any performance penalty compared to "plain".
-
* What about XTS mode?
XTS mode is potentially even more secure than cbc-essiv (but only if
LUKS and dm-crypt always use 512B blocks and the issue does not
apply.
-
-6. Backup and Data Recovery
-
+ 6. Backup and Data Recovery
* Does a backup compromise security?
scenarios. (Well, you can burn the tape if it is under your
control...)
-
* What happens if I overwrite the start of a LUKS partition or
damage the LUKS header or key-slots?
unrecoverable in a cryptographically strong sense, changing about
4-6 bits in random locations of its 128kiB size is quite enough.
-
* What happens if I (quick) format a LUKS partition?
I have not tried the different ways to do this, but very likely you
LUKS header, including the salts. You may also damage the key-slots
in part or in full. See also last item.
-
* What does the on-disk structure of dm-crypt look like?
There is none. dm-crypt takes a block device and gives encrypted
dm-crypt device, the damage will be limited to the are you
overwrote.
-
* What does the on-disk structure of LUKS look like?
A LUKS partition consists of a header, followed by 8 key-slot
The exact specification of the format is here:
http://code.google.com/p/cryptsetup/wiki/Specification
-
* How do I backup a LUKS header?
While you could just copy the appropriate number of bytes from the
cryptsetup luksHeaderBackup --header-backup-file h_bak /dev/mapper/c1
-
* How do I backup a LUKS partition?
You do a sector-image of the whole partition. This will contain the
a sector image of a partition. Note that compression is
ineffective for encrypted data, hence it does not sense to use it.
-
* Do I need a backup of the full partition? Would the header and
key-slots not be enough?
It is highly advisable to have a complete backup to protect against
this case.
-
* Are there security risks from a backup of the LUKS header or a
whole LUKS partition?
access, especially if you only erased the LUKS header and not the
whole partition.
-
* I think this is overly complicated. Is there an alternative?
Yes, you can use plain dm-crypt. It does not allow multiple
exactly the overwritten parts are lost (rounded up to sector
borders).
-
-7. Issues with Specific Versions of cryptsetup
-
+ 7. Issues with Specific Versions of cryptsetup
* When using the create command for plain dm-crypt with cryptsetup
1.1.x, the mapping is incompatible and my data is not accessible
LUKS stores cipher and mode in the metadata on disk, avoiding this
problem.
-
* cryptsetup on SLED 10 has problems...
SLED 10 is missing an essential kernel patch for dm-crypt, which
A. Contributors In no particular order:
- Arno Wagner
+
- Milan Broz
+
projects / platform / upstream / cryptsetup.git / commitdiff