I'm not a an expert in cryptography, but I've read the project's faqs.
How is LUKS dm-crypt secure if the key is stored with the encrypted data? To me, this seems like hanging a door key on the door it locks. Is a passphrase enough to secure it?
And a continuation: If it is secure to keep the key with the encrypted partition/container, am I correct in assuming that LUKS header backups can also be treated as normal files and not secret data?
Best Answer
Yes, it is, if you choose a sufficiently strong passphrase. Ideally, the passphrase should be as strong as the (symmetric) key. Current minimum recommendation is to use 128 bit, so ideally you should use a 128-bit passphrase. How long that is in practice depends on how you generate your key.
asl3486nysdllk23bh2jl4
. Secure, but rather difficult to remember...american-english
file from Debian's wamerican package: The file has about 99,000 words, so each word gives you log2(99,000)=16.6 bits of entropy, meaning you'd need eight words. For example:orthogonal Seoul Pygmalion's abuse flints yachtsman's classicists outsource
. Still not nice, but probably better than the solution above...If you choose a shorter passphrase, then yes, security will be reduced (though it might still be acceptable). Note that LUKS employs a key stretching algorithm to make even a "weak" key more resistant against attack. However, there are some attacks against it, so ideally you should still choose a 128-bit passphrase.
Yes, that is correct. The header backups contain the key, but it is protected with the passphrase.