Due to its volume all content related to Linux Unified Key Setup (LUKS) has been moved to a separate project website.


New Methods in Hard Disk Encryption

This work investigates the state of the art in hard disk cryptography. As the choice of the cipher mode is essential for the security of hard disk data, we discuss the recent cipher mode developments at two standardisation bodies, NIST and IEEE. It is a necessity to consider new developments, as the most common cipher mode -- namely CBC -- has many security problems. This work devotes a chapter to the analysis of CBC weaknesses.

Next to others, the main contributions of this work are (1) efficient algorithms for series of multiplications in a finite field (Galois Field), (2) analysis of the security of password-based cryptography with respect to low entropy attacks and (3) a design template for secure key management, namely TKS1. For the latter, it is assumed that key management has to be done on regular user hardware in the absence of any special security hardware like key tokens. We solve the problems arising from magnetic storage by introducing a method called anti-forensic information splitter.

This work is complemented by the presentation of a system implementing a variant of TKS1. It is called LUKS and it was developed and implemented by the author of this work.

TKS1 - An anti-forensic, two level, and iterated key setup scheme

This paper sketches the problems connected with usual hard disk encryption setups. It introduces the reader to PBKDF2, a password based key derive function, which provides better resistance against brute force attacks based on entropy weak user passwords. It proposes to use a two level hierarchy of cryptographic keys to provide the ability to change passwords and drafts solutions to the key storage problem arising when using two levels of cryptography due to the fact, that given the abilities of recent forensic data recovery methods, data can't be destroyed on magnetic storage media reli,ably.

LUKS On-Disk Format Specification

This document was moved to the LUKS website.

Minor Contributions & Code

Cryptoloop Migration Guide

Guide for migration old cryptoloop setups to Linux 2.6.

Anti-forensic information splitter

The AFsplitter supports secure data destruction crucial for secure on-disk key management. The key idea is to bloat information and therefor improving the chance of destroying a single bit of it. The information is bloated in such a way, that a single missing bit causes the original information become unrecoverable. The theory behind AFsplitter is presented in TKS1.


Encrypted Sector Salt Initialization Vector, short ESSIV derives from the equation E(Sector|Salt) = IV. To get an idea what ESSIV is about see my brief ESSIV description. Update: this patch has been merged in 2.6.10, in a little bit different form. Just upgrade to 2.6.10 to get ESSIV.


an ioctl call tracker to extract key and key size from weird patched losetup binaries.

This article is translated to Serbo-Croatian language by Web Geeks .