I am wondering about LUKS nuke patch efficiency. In fact, I think I don\'t reall

Question

I am wondering about LUKS nuke patch efficiency. In fact, I think I don't really understand it.

From what I know of LUKS, a passphrase is used to encrypt a random key (the master key), which is used to encrypt the data. Both the encrypted master key and the encrypted data are stored on the partition. LUKS nuke equals erasing the encrypted master key.

Let's say my passphrase contains uppercase, lowercase, symbols, number, and is 30 characters long.

Now, is the master key encrypted with the same algorithm as the data? If so, how is it safe to erase the encrypted master key? I just have to try to decrypt the data.

Where am I wrong? Does it take much longer? Are the algorithms different? Do I miss something?

What is the security betterment?

Thank you for your explanations.

Explanation / Answer

The LUKS master key is generated in a truly random manner. As a result, there is no way to guess it faster than simply trying every possible key, and it provides the full potential strength of the underlying encryption algorithm.

Your passphrase is probably not random (and even if it is, it only provides 197 bits of security, while some encryption algorithms provide as much as 256 bits). Because of this, trying to guess the passphrase is probably faster than trying to guess the key derived from it.

Note that LUKS Nuke provides no additional security over plain LUKS when faced with an intelligent attacker. A smart attacker will make a copy of the encrypted volume before trying to beat your password out of you, and giving them the "erase" password will only wipe the copy, not the original.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.