#linux #cryptsetup #luks are there any practices surrounding rotating the volume key using `cryptsetup reencrypt <cryptvolume>`?

IIUC, when the header is stolen it is possible to determine exactly which key/passphrase is the correct one. So by exfiltrating the header alone, one could theoretically start cracking. So reencrypting would prevent a stolen header from being useful for too long a long time afterwards.

Granted, it is a bit hypothetical. #security #encryption #confidentiality

They changed the default hash for plain mode in #cryptsetup

Had a lot of fun after upgrade.

Thanks.

My experience with #FlashDrives recently has been mixed. I have no problem in encrypting them with #LUKS, using #cryptsetup or with formatting a partition with #Btrfs, for instance, using #gparted and doing other tinkering with #Gnome #disks. But the problem has been with the actual drives themselves. The cheaper ones seem to have quite a few bad sectors, etc. and so they’re not really reliable for medium term storage.

1/2

#Hardware #StorageDevices #Unix #GNU #Linux #Fedora

In case someone else is wondering why linux luks hard disk encryption is usually within a lvm container: that way you only need one password to unlock multiple partitions.

(found out the hard way)

#linux #cryptsetup #harddisk #encryption