Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
"Several SSDs with hardware encryption appear to be busted. But the really terrible thing is that Bitlocker apparently relies totally on the SSD encryption if you have it. https://www.ru.nl/publish/pages/9092...ft-paper_1.pdf … via @ProfWoodward"
Is HDD with full-disk LUKS in GNU/Linux far more secure so than most SSDs with full-disk LUKS encryption?
Last edited by linustalman; 11-10-2018 at 09:43 AM.
Reason: I added "with full-disk LUKS encryption"
I have not heard of any issues with LUKS, so I guess the naswer is yes. So going forward, if you format the SDD and put LUKS on top of that, I would say you are OK.
I would avoid hardware encryption devices unless the hardware is fully 'open', you really never know what is going on due to the proprietary bits.
Last edited by jmccue; 11-10-2018 at 12:05 PM.
Reason: grammer
I've got an MX100 with a LUKS-encrypted volume on it. As mentioned I think, or maybe just hope, that the dm-crypt folks had the sense to not automatically trust hardware 'encryption'.
"Several SSDs with hardware encryption appear to be busted. But the really terrible thing is that Bitlocker apparently relies totally on the SSD encryption if you have it. https://www.ru.nl/publish/pages/9092...ft-paper_1.pdf … via @ProfWoodward"
Is HDD with full-disk LUKS in GNU/Linux far more secure so than most SSDs with full-disk LUKS encryption?
Why would you trust a manufacturer and their claims about some disk encryption stuff inbuilt and it working as intended? You should encrypt the disk yourself, using LUKS.
Locksmiths can open (door) locks. Does that mean you can't trust lock manufacturers and should give up using locks on your house ?.
Or maybe you should add anti-tank barriers ...
What are you trying to protect that anyone would care enough to go to all the trouble ?.
Locksmiths can open (door) locks. Does that mean you can't trust lock manufacturers and should give up using locks on your house ?.
Or maybe you should add anti-tank barriers ...
What are you trying to protect that anyone would care enough to go to all the trouble ?.
The fact that disk encryption (volume encryption) software like dm-crypt only deals with transparent encryption of abstract block devices gives it a lot of flexibility. This means that it can be used for encrypting any disk-backed file systems supported by the operating system, as well as swap space; write barriers implemented by file systems are preserved
I read somewhere: software encryption (LUKS) is ok, regardless of the device you have. Actually I can't find that page, but if you are really interested you will definitely find it.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
SSDs with hardware encryption busted.
