How secure is an encrypted LUKS filesystem?
Solution 1:
Yes, it is secure. Ubuntu uses AES-256 to encrypt the disk volume and has a cypher feedback to help protect it from frequency attacks and others attacks that target statically encrypted data.
As an algorithm, AES is secure and this has been proved by crypt-analysis testing. The weakness actually lies within the cypher and the software to pass it the keys. Specifically lies in the keystore (which is stored in the header of the volume), the keystore is secured by a passphrase. Passphrases are of course open to some attacks such as dictionary/brute force (if this was successful, it would decrypt the keystore). Using long "complex" non-word passwords would reduce the chance of this happening.
The only other possibility to decrypt is using recording devices or social engineering to determine your passphrase.
In short, your computer is reasonably safe unless you are subject to serious organised cyber crime or Government investigation!
Solution 2:
Here are two resources about attacks on this type of file system that seem to be interesting: http://dx.eng.uiowa.edu/dave/luks.php http://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-against-cbc-encrypted-luks-partitions/
In short, the latter document describes that it is possible to inject a remote code execution backdoor into the LUKS setup created by the Ubuntu 12.04 installer. This attack only needs access to the encrypted hard drive (it does not rely on manipulating the unencrypted /boot
partition or the BIOS).
While the attack is pretty bad, it does not apply to modern LUCS setups. The attack can only be applied if the block mode is CBC
, for example if the cipher aes-cbc-essiv
is used. Modern setups use other block modes, like the cipher aes-xts-plain64
(see this article on the ArchLinux wiki).
To check which cipher is used by your setup, run:
sudo cryptsetup status [device]
where [device]
is your mapping, like /dev/mapper/sda3_crypt
.
Solution 3:
I have created a Windows program that will perform a dictionary attack on Luks volumes. http://code.google.com/p/luks-volume-cracker/
Its slow by design, trying around 3 keys a second. Other dictionary attacks will be similarly slow, so unless you've chosen an easy passphrase the weakness will not be the algorithm.
Be aware of key stealing from memory, and caching of files, however.