3.2.4. LUKS Disk Encryption

Linux Unified Key Setup-on-disk-format (or LUKS) allows you to encrypt partitions on your Linux computer. This is particularly important when it comes to mobile computers and removable media. LUKS allows multiple user keys to decrypt a master key which is used for the bulk encryption of the partition.

Overview of LUKS

What LUKS does
  • LUKS encrypts entire block devices and is therefore well-suited for protecting the contents of mobile devices such as removable storage media or laptop disk drives.
  • The underlying contents of the encrypted block device are arbitrary. This makes it useful for encrypting swap devices. This can also be useful with certain databases that use specially formatted block devices for data storage.
  • LUKS uses the existing device mapper kernel subsystem.
  • LUKS provides passphrase strengthening which protects against dictionary attacks.
  • LUKS devices contain multiple key slots, allowing users to add backup keys/passphrases.
What LUKS does not do:
  • LUKS is not well-suited for applications requiring many (more than eight) users to have distinct access keys to the same device.
  • LUKS is not well-suited for applications requiring file-level encryption.

3.2.4.1. LUKS Implementation in Red Hat Enterprise Linux

Red Hat Enterprise Linux 6 utilizes LUKS to perform file system encryption. By default, the option to encrypt the file system is unchecked during the installation. If you select the option to encrypt your hard drive, you will be prompted for a passphrase that will be asked every time you boot the computer. This passphrase "unlocks" the bulk encryption key that is used to decrypt your partition. If you choose to modify the default partition table you can choose which partitions you want to encrypt. This is set in the partition table settings.
The default cipher used for LUKS (refer to cryptsetup --help) is aes-cbc-essiv:sha256. Note that the installation program, Anaconda, uses by default the AES cipher in XTS mode, aes-xts-plain64. The default key size for LUKS is 256 bits. The default key size for LUKS with Anaconda (XTS mode) is 512 bits.

Warning

Changing the default cryptographic attributes can affect your system's performance and expose your system to various security risks. You should not change the default cryptographic attributes of your system without good knowledge of cryptography and understanding to the capabilities of the used cipher combinations.
Red Hat strongly recommends using the default ciphers. If you need to use another than the default cipher, you can initialize your partition with the --cipher and --key-size options. The syntax of the command is the following:
cryptsetup --verify-passphrase --cipher <cipher>-<mode>-<iv> --key-size <key-size> luksFormat <device>
where <cipher>-<mode>-<iv> is a string representing the used cipher. The string consists of three parts: a block cipher, block cipher mode, and an initial vector (IV).
A block cipher is a deterministic algorithm that operates on data blocks and allows encryption and decryption of bulk data. Block ciphers that are available on Red Hat Enterprise Linux are:
  • AES — Advanced Encryption Standard, a 128-bit symmetric block cipher using encryption keys with lengths of 128, 192, and 256 bits; for more information, refer to the FIPS PUB 197.
  • Twofish — A 128-bit block cipher operating with encryption keys of the range from 128 bits to 256 bits.
  • Serpent — A 128-bit block cipher operating with 128-bit, 192-bit and 256-bit encryption keys.
  • cast5 — A 64-bit Feistel cipher supporting encryption keys of the range from 40 to 128 bits; for more information, refer to the RFC 2144.
  • cast6 — A 128-bit Feistel cipher using 128-bit, 160-bit, 192-bit, 224-bit, or 256-bit encryption keys; for more information, refer to the RFC 2612.
Block cipher mode describes a way the block cipher is repeatedly applied on bulk data in order to encrypt or decrypt the data securely. The following modes can be used:
  • CBC — Cipher Block Chaining; for more information, refer to the NIST SP 800-38A.
  • XTS — XEX Tweakable Block Cipher with Ciphertext Stealing; for more information, refer to the IEEE 1619, or NIST SP 800-38E.
  • CTR — Counter; for more information, refer to the NIST SP 800-38A.
  • ECB — Electronic Codebook; for more information, refer to the NIST SP 800-38A.
  • CFB — Cipher Feedback; for more information, refer to the NIST SP 800-38A.
  • OFB — Output Feedback; for more information, refer to the NIST SP 800-38A.
An initial vector is a block of data used for ciphertext randomization. IV ensures that repeated encryption of the same plain text provides different ciphertext output. IV must not be reused with the same encryption key. For ciphers in CBC mode, IV must be unpredictable, otherwise the system could become vulnerable to certain watermarking attacks (see LUKS/cryptsetup FAQ for more information). Red Hat recommends using the following IV with AES:
  • ESSIV — Encrypted Salt-Sector Initialization Vector - This IV should be used for ciphers in CBC mode. You should use the default hash: sha256.
  • plain64 (or plain) — IV sector offset - This IV should be used for ciphers in XTS mode.
You may also specify the length of the used encryption key. The size of the key depends on the used combination of the block cipher and block cipher mode. If you do not specify the key length, LUKS will use the default value for the given combination. For example: if you decide to use a 128-bit key for AES in CBC mode, LUKS will encrypt your partition using the AES-128 implementation, while specifying a 512-bit key for AES in XTS mode means that the AES-256 implementation will be used. Note that XTS mode operates with two keys, the first is determined for tweakable encryption and the second for regular encryption.