[dm-crypt] broken link: Fru05b in pub/linux/utils/cryptsetup/LUKS_docs/on-disk-format.pdf

Slim2k slim2k at protonmail.com
Fri Dec 29 14:00:19 CET 2017


It is completely clear now thanks..

On another topic, if you have not looked into it I think the crypto geeks (myself included) are on to something.  The Bip39 mnemonic phrase is reasonably safe to write down / engrave and backup and the hardware wallet offers a simple place to protect a private key with minimal risk of bugs and root kits.  It would be so easy to unlock the Luks drive too even for testing.  So I could use a 1 digit pin for testing and a hardware wallet then later change the password to and still maintain security even if the old stripes were recovered.

I'm not using strips here, but rather I'm encrypting and decrypting the master key on the hardware wallet similar to what your doing in Luks:

https://github.com/jcalfee/trez

If Luks had something like this, it should also have directions for mounting ones own Arm chip and USB connector and flashing both parts of Bios: the firmware upgrade module and the firmware.  So people can audit and build their own even if it is not completely from scratch..

https://youtu.be/BzxGoJdd8a4

Think of this like a Luks header backup with a pin lockout..  TSA may give people a hard time at the boarder because this is for crypto.  They will have a better reason if it is a work-security device..

> -------- Original Message --------
> Subject: Re: [dm-crypt] broken link: Fru05b in pub/linux/utils/cryptsetup/LUKS_docs/on-disk-format.pdf
> Local Time: December 28, 2017 2:47 AM
> UTC Time: December 28, 2017 8:47 AM
> From: gmazyland at gmail.com
> To: Slim2k <slim2k at protonmail.com>, dm-crypt at saout.de <dm-crypt at saout.de>
>
> On 12/27/2017 01:52 PM, Slim2k wrote:
>
>> https://www.kernel.org/pub/linux/utils/cryptsetup/LUKS_docs/on-disk-format.pdf
>> 2.4 AF-Splitter
>> LUKS uses anti-forensic information splitting as speci ed in [
>> Fru05b
>> ].
>
> As Arno said, there is a copy on the cryptsetup project page.
>
> https://www.kernel.org/pub/linux/utils/cryptsetup/LUKS_docs/
>
> I'll fix link in spec as well, thanks for pointing this out.
>
>> Also if you think about it please send me the new reference material..
>> I'm interested in learning why dm-crypt splits the master key like this..
>
> Just to be precise, it is split in LUKS userspace, not in kernel dm-crypt.
>
> Anyway, some reasons for AF do not longer apply for the new flash-based
> storage (and not even for modern non-flash drives).
> AF will be replaced one day with something better.
>
> Milan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20171229/35475079/attachment.html>


More information about the dm-crypt mailing list