[dm-crypt] Question regarding LUKS

Milan Broz mbroz at redhat.com
Thu Oct 20 10:43:54 CEST 2011


On 10/20/2011 10:18 AM, Arno Wagner wrote:
> I don't think anybody ever invested the money needed
> to find out. 

Well, maybe you noticed some changes in dm-crypt and even
cryptsetup which were directly closely related
to this problem.

AFAIK FIPS 140-2 is always related to some hw config,
but in principle (and if you define cryptographic boundaries
properly) dm-crypt and LUKS have no serious issues here.

The main problem is proper RNG and crypto use (you have
to use only approved RNG and only certified crypto library),
and it cannot be isolated from the kernel certification etc.

So there are no principal problems I know about but
still some changes are needed (some of them are really
formal).

Milan

