You can also simply have LUKS with a detached header - I know some people that h...

notfed · on June 7, 2020

I called this out in the PUREE paper:

> To be fair, some tools do support support completely-random-looking disk layouts, but in most cases, they either:

> 1. Are key-based (e.g., require a 128-bit or 256-bit key) rather than password based, in which case, the key must stored elsewhere. (Where do you store the key?)

> 2. Ask the user to store a (non-random-looking) disk-encryption header elsewhere (i.e., “detached header mode”). (Where do you store the header?)

tempay · on June 7, 2020

> 1. Are key-based (e.g., require a 128-bit or 256-bit key) rather than password based, in which case, the key must stored elsewhere. (Where do you store the key?)

Is there a reason why this is notably different? Why can't the password be hashed to get the fixed length key?

viraptor · on June 8, 2020

Yes, it's a pretty standard approach. I can't even recall anything that uses passwords directly these days. Mostly due to world relying mainly on aes where you have to derive the key.

jcynix · on June 8, 2020

> 2. Ask the user to store a (non-random-looking) disk-encryption header elsewhere (i.e., “detached header mode”). (Where do you store the header?)

If the header isn't needed on a daily basis, storing it as a QR-Code on paper would be a possibility.

comboy · on June 7, 2020

Be careful with that solution, you then have to have a separate backup strategy for that USB data.

OJFord · on June 7, 2020

Only if the computer has important (and not backed up/replicated) state.

dkdk8283 · on June 7, 2020

Exactly, and that backup strategy is likely to be the weak link.

xwdv · on June 7, 2020

Throw it in an S3 bucket. Done.