Home
Notice: because of the way device-mapper seems to do lazy updates to the disk, you’ll need to restart your cryptsetup system before you can use fluks. Rebooting is the only solution/workaround I’ve found so far.
fluks is an expanded implementation of the LUKS standard. LUKS is the Linux Unified Key Setup, which is a secure and flexible way of providing disk encryption. The master key is stored in an encrypted form in the LUKS header, and it can be decrypted by the corresponding password. This allows multiple passphrases to be used, or for the passphrase to be changed after the fact.
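The key-slot idea described above, as an added example that is not fluks code and not the LUKS on-disk format: each passphrase wraps the same master key in its own slot, and a stored digest of the master key tells a correct passphrase from a wrong one. The names `ToyHeader`, `set_slot` and `unlock`, the iteration count, and the XOR wrap (standing in for the real cipher and anti-forensic splitter) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 1000  # constructed value, kept low so the demo runs quickly

def pbkdf2(secret: bytes, salt: bytes, length: int = 32) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, length)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class ToyHeader:
    """Hypothetical header: a master-key digest plus per-passphrase slots."""
    def __init__(self, master_key: bytes):
        self.digest_salt = os.urandom(32)
        # Only a salted digest of the master key is stored, never the key.
        self.mk_digest = pbkdf2(master_key, self.digest_salt)
        self.slots = {}  # slot number -> (salt, wrapped master key)

    def set_slot(self, index: int, passphrase: str, master_key: bytes):
        salt = os.urandom(32)
        wrap_key = pbkdf2(passphrase.encode(), salt, len(master_key))
        # Toy wrap: XOR with the derived key (stand-in for a real cipher).
        self.slots[index] = (salt, xor(master_key, wrap_key))

    def unlock(self, passphrase: str):
        for salt, wrapped in self.slots.values():
            key = pbkdf2(passphrase.encode(), salt, len(wrapped))
            candidate = xor(wrapped, key)
            check = pbkdf2(candidate, self.digest_salt)
            if hmac.compare_digest(check, self.mk_digest):
                return candidate
        return None  # no slot produced a key matching the stored digest

def demo() -> dict:
    master_key = os.urandom(32)
    header = ToyHeader(master_key)
    header.set_slot(0, "first passphrase", master_key)
    header.set_slot(1, "second passphrase", master_key)
    results = {"slot0": header.unlock("first passphrase") == master_key,
               "slot1": header.unlock("second passphrase") == master_key,
               "wrong": header.unlock("not a passphrase") is None}
    # Changing a passphrase rewrites one slot; the master key stays the same.
    recovered = header.unlock("second passphrase")
    header.set_slot(0, "replacement", recovered)
    results["old_revoked"] = header.unlock("first passphrase") is None
    results["new_works"] = header.unlock("replacement") == master_key
    return results

if __name__ == "__main__":
    print(demo())
```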
The reason for fluks is to support other hash functions, cipher-block modes, and ciphers. It is written in C++ with all free (i.e. not GPL-encumbered) libraries and code. It is itself licensed with ISC (or equivalent for some of the crypto), which as I understand it is the same as MIT but less wordy. The only copyleft-encumbered library linked to is glibc.
I’ve been using it on my desktop’s `/home` since 2009-07 and it works pretty well. Here’s what fluks supports:
Hash functions:
- MD5∗†
- RMD160†
- SHA-1†
- SHA-2 (224∗, 256, 384∗, 512)†
- Tiger (128, 160, 192)∗‡
- Whirlpool (256, 384, 512)∗‡
Ciphers:
- AES (Rijndael)†
- Blowfish∗†
- Camellia∗†
- CAST-128 (CAST5, RFC 2144)†
- CAST-256 (CAST6, RFC 2612)§
- Serpent§
- Twofish‡
Cipher block modes:
- CBC (Cipher-block chaining)§
- CFB (Cipher feedback)∗§
- CTR (Counter)∗§
- ECB (Electronic codebook)§
- OFB (Output feedback)∗§
- PCBC (Propagating cipher-block chaining)∗§
∗ not in the LUKS spec
† OpenSSL implementation
‡ based off reference implementation
§ independent implementation
I suppose my to-do list should include adding bindings for things. Right now I have a simple script in `/etc/init.d`, but it is a sub-optimal solution.
Check out the wiki pages for info on building and using fluks.
—Markus Peloquin