# Loop-AES (multi-key v3 mode) versus dm-crypt with LUKS

## casso

Hi,

I am looking for some information on key sizes and security with loop-AES and dm-crypt with LUKS.

Firstly I know that loop-AES with just a password as a key is certainly no better than dm-crypt with LUKS would be. When using loop-AES with multi-key version 3 mode, there are 65 keys used. I believe that it is 64 keys for data, and one for the IV. Following the procedure from the loop-AES readme generates 2925 bytes of random data to create the keys. Hence we have 2925 bytes that would need to be cracked in order to break the encryption, even though I'm using 256-bit AES encryption.

The question is, how does this compare to dm-crypt with LUKS? I understand that if the keys are stored on the hard disk, or inside the file system container, that the master key is only 4 bytes long. This is assuming I have read the data correctly from the LUKS-on-disk-format documentation http://luks.endorphin.org/LUKS-on-disk-format.pdf If an external key is used, for example a key stored as an external file, then how long can this file be and how does this security relate to loop-AES in multi-key version 3 mode?

Don't get me wrong, I would really rather use dm-crypt with LUKS as it is the easiest system to build and work with. The problem is that I also want the most secure system I can use. If dm-crypt with LUKS is not as secure as my loop-AES system, then I will stick with what I have and deal with the additional overhead   :Sad:  .

I'm hoping someone who really does know there stuff when it comes to dm-crypt or even both will be able to present some interesting information, or point me in the right direction when it comes to the security of these systems.

Thank you,

Michael Cassaniti

----------

## casso

I must have posted something difficult, seems like after about 30 views, no one can give me any feedback. Maybe someone knows somewhere else I should be asking the question. All I really need to know is how many different keys I will be using for dm-crypt with LUKS if I use an external key file, and any other details appropriate. I hope that the external key file is not just a replacement for a password to encrypt the master key that is stored on disk. Anyone any ideas?

----------

## ShadowEyez

Note: I am NOT a cryptologist!

I use loop-aes, though have never tried dm-crypt.  The main difference I've heard is the encoding methods used.  The v3 key system in loop aes uses 64 keys for encryption and one key for the CBC IV, and I've heard that the dm-crypt/LUKS system uses an IV that one can do a watermarking attack against.

Go to the linux crypto mailing list:

List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>

where these issues are discussed.  Jari (the developer) is very helpful with questions and comments.  To setup loop-aes requires kernel and application patching and recompiling, along with possible partision and file system changes and is not for linux newbies (back up data first).

In reailty any modern disk encryption is pretty secure unless your adversary is the goverment or some really big and rich company.  But loop-aes is probably top of the line as far as free public disk encryption software is concerned.

~ShadowEyez~

----------

## asiobob

might be worth posing the question to the luks mailing list / author

----------

## ShadowEyez

 *ASIO_BOB wrote:*   

> might be worth posing the question to the luks mailing list / author

 

OK, I'll admit I'm baised twoard loop-aes, and I have read that it is (was?) more secure, but they may have fixed the above issue b

----------

## casso

Thank you for the feedback. I would still like to hear more if anyone has any further comments.

I have done a course on data security at Uni, and thankfully knew the information given about loop-aes by ShadowEyez (which shows I did read the README properly, so thanks), but I am not a cryptologist either, and I just want to know the true strength of my system.

As anyone should know involved in data security, if you really want to break a system, you will. You just need enough time/resources to donate to it. This of course assumes that pointing a gun at the system user and asking them to unlock it is not one of your solutions to breaking the encryption system.

I will consider signing up to the mailing list for LUKS, but I am always hesitant about being a member of several mailing lists. I know that most of them will never inundate me with loads of email. I guess my concern is forgetting my password and keeping track of how many I have an account to. Am I the only one who has this .... ecentricity?

I did hear that v1 of loop-aes, ie: with only one key (the password) was susceptible to a watermark attack also, but thankfully for me I am not using that for my system.

Once again, thanks for the information. I hope to gather some more if anyone has something useful.

Michael Cassaniti

----------

