Compatibility for cryptsetup (Linux)

Mustela · Sep 18, 2013

I have everything for mounting partitions from Thunar. I can mount and unmount ext2 (I suppose ext3 too) and MS-DOS plain filesystems. Now, when the partition is encrypted with cryptsetup, Thunar shows that it is encrypted and queries for the password, but it doesn't work. He continues thinking. GBDE doesn't work.

Are the encrypters fully incompatible on BSD/Linux? If I see the "x GB encrypted partition" on Thunar, can I decrypt?

It is an important point of compatibility for these things and for these OSes.

SirDice · Sep 18, 2013

FreeBSD doesn't support Linux' LUKS.

horacio · Jan 22, 2024

In all this years is this still in the same status?? whitout support for luks, Is there another method to open a luks partition?

cracauer@ · Jan 22, 2024

Same status.

Now, Linux cryptsetup has a headerless mode which presumably can be hacked up to be accessed in FreeBSD relatively easily. But very few people are using that mode, and I do not think any distributions at all use it when creating encrypted block devices from the installer.

As for the value of implementing it, there also is LVM, which is often lurking below and would have to be implemented, too, if so.

rootbert · Jan 22, 2024

you could try security/veracrypt

cy@ · Jan 22, 2024

Hmm. What does disk encryption have to do with window managers?

rbranco · Jan 22, 2024

DragonflyBSD appears to support LUKS, but I don't know if v2 is supported:

DragonFlyBSD: DragonFly's Major Features List

www.dragonflybsd.org

I guess you have to use ZFS native encryption.

canihazsekooriti · Apr 22, 2024

cracauer@ said:
Same status.

Now, Linux cryptsetup has a headerless mode which presumably can be hacked up to be accessed in FreeBSD relatively easily. But very few people are using that mode, and I do not think any distributions at all use it when creating encrypted block devices from the installer.

Very few peoples using it? For real? Not like anyone would know, considering the approach.

I dunno, I have my Fedora boot right into a double nested plain cryptsetup encrypted root, and I reclaimed 25% of CPU flops somewhere in the process. Just sayin'.

zirias@ · Apr 25, 2024

canihazsekooriti said:
Very few peoples using it? For real?

Yes. Just because it doesn't serve any purpose as-is. The only purpose is hiding that there is some encrypted container at all. This is moot when applied to the whole disk, a disk full of "random" data is a clear telltale. You'd have to at least hide it inside some (possibly unencrypted) dummy system, which still must appear "used" to be somewhat plausible. If that stuff really matches your threat level, you should consider getting a gun as well.

canihazsekooriti said:
I dunno, I have my Fedora boot right into a double nested plain cryptsetup encrypted root, and I reclaimed 25% of CPU flops somewhere in the process. Just sayin'.

That literally makes no sense. Neither does encrypting already encrypted stuff do anything (apart from consuming CPU cycles), nor do some headers with meta-info consume any CPU cycles.

If the purpose of the "outer" encrypted container is to hide the inner one, the outer should have a header. Otherwise, the idea to look for more "completely hidden" containers comes pretty natural.

canihazsekooriti · Dec 5, 2024

zirias@ said:
The only purpose is hiding that there is some encrypted container at all. This is moot when applied to the whole disk, a disk full of "random" data is a clear telltale. You'd have to at least hide it inside some (possibly unencrypted) dummy system, which still must appear "used" to be somewhat plausible. If that stuff really matches your threat level, you should consider getting a gun as well.

You derail the conversation. Encryption is not just to hide stuff! Encryption is a security mechanism to prevent certain security compromises via hardware's direct access to your computer internals. It's not a panacea, but it does raise the threshold much, much higher. I mean you all read Snowden's files, NSA has targets just to harass people for shits and giggles...someone doesn't like someone (they don't like Trump supporters, for example), and their computers start acting up. Or on contrary, NSA are the good guys who want to help you and prod you to secure your computer from malicious actors or something. So it's not like you are being hunted, but even if you were not, it's just the most basic hardening.

rbranco said:
DragonflyBSD appears to support LUKS, but I don't know if v2 is supported:

DragonFlyBSD: DragonFly's Major Features List

www.dragonflybsd.org

I guess you have to use ZFS native encryption.

DrangonflyBSD seems to support cryptsetup! Thanks. But what ciphers do they support? How would one lookup what ciphers does a BSD kernel support?

How divergent DragonflyBSD is from FreeBSD?

SirDice · Dec 5, 2024

canihazsekooriti said:
How divergent DragonflyBSD is from FreeBSD?

It branched off from FreeBSD somewhere between 4.8 and 4.9. So quite a bit.

zirias@ · Dec 5, 2024

canihazsekooriti said:
You derail the conversation.

Actually, you're doing that right now.

canihazsekooriti said:
Encryption is not just to hide stuff! Encryption is a security mechanism to prevent certain security compromises via hardware's direct access to your computer internals.

Only this wasn't about encryption in general but about stuff like "headerless" schemes.

Compatibility for cryptsetup (Linux)

Mustela

SirDice

Administrator

horacio

cracauer@

rootbert

cy@

rbranco

DragonFlyBSD: DragonFly's Major Features List

canihazsekooriti

zirias@

canihazsekooriti

DragonFlyBSD: DragonFly's Major Features List

SirDice

Administrator

zirias@