cross-posted from: https://programming.dev/post/9319044

Hey,

I am planning to implement authenticated boot inspired by Pid Eins’ blog. I’ll be using pam mount for /home/user. I need to check the integrity of all partitions.

I have been using luks+ext4 till now. I am hesitant to switch to zfs/btrfs, afraid I might fuck up. A while back I accidentally purged ‘/’ trying out timeshift, which was my fault.

Should I use zfs/btrfs for /home/user? As for root, I’m considering luks+(zfs/btrfs) to be restorable to blank state.

  • Skull giver@popplesburger.hilciferous.nl
    7 months ago

    The French justice system isn’t like that, though. The guy assured everyone he did not give his password away, which would’ve been obvious with rubber hose cryptography.

    My guess is that he reused the password elsewhere or they were able to find a copy of the key in RAM, but it’s certainly possible that law enforcement knows something about LUKS we don’t.

      • Skull giver@popplesburger.hilciferous.nl
        7 months ago

        That’s what I said, lol. But he did claim he didn’t reuse the password, so who knows? He also could’ve used a very low number of iterations, making cracking the LUKS header feasible; the default is based on how many iterations your CPU can do in a certain amount of time, so a not-so-powerful laptop could be nerfing its own security.

        Regardless, it can’t hurt to pick a more modern PKDF algorithm.
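
The iteration-count concern in the last comment can be checked on a LUKS2 volume by reading the per-keyslot KDF parameters from the header metadata. The following is an added example, not part of the thread; the sample JSON is constructed in the shape printed by `cryptsetup luksDump --dump-json-metadata`, and the two policy floors are assumed values, not cryptsetup defaults.

```python
import json

# Constructed sample shaped like `cryptsetup luksDump --dump-json-metadata <device>`
# output (LUKS2 only), trimmed to the fields used here; salts are placeholders.
SAMPLE_METADATA = """
{"keyslots": {
  "0": {"type": "luks2", "key_size": 64,
        "kdf": {"type": "pbkdf2", "hash": "sha256", "iterations": 84000, "salt": "PLACEHOLDER"}},
  "1": {"type": "luks2", "key_size": 64,
        "kdf": {"type": "argon2id", "time": 4, "memory": 1048576, "cpus": 4, "salt": "PLACEHOLDER"}},
  "2": {"type": "luks2", "key_size": 64,
        "kdf": {"type": "argon2i", "time": 4, "memory": 65536, "cpus": 1, "salt": "PLACEHOLDER"}}
}}
"""

# Assumed policy floors for this example; they are not cryptsetup defaults.
MIN_PBKDF2_ITERATIONS = 1_000_000
MIN_ARGON2_MEMORY_KIB = 524_288  # 512 MiB; the header stores memory cost in KiB


def audit_keyslots(metadata_json):
    """Return {slot: [findings]} for keyslots whose KDF settings fall below policy."""
    findings = {}
    keyslots = json.loads(metadata_json).get("keyslots", {})
    for slot, body in sorted(keyslots.items(), key=lambda kv: int(kv[0])):
        kdf = body.get("kdf", {})
        kind = kdf.get("type", "unknown")
        issues = []
        if kind == "pbkdf2":
            # PBKDF2 is not memory-hard, so the iteration count is its only cost knob.
            issues.append("pbkdf2 is not memory-hard; consider argon2id")
            if kdf.get("iterations", 0) < MIN_PBKDF2_ITERATIONS:
                issues.append(f"iterations={kdf.get('iterations', 0)} below {MIN_PBKDF2_ITERATIONS}")
        elif kind in ("argon2i", "argon2id"):
            if kdf.get("memory", 0) < MIN_ARGON2_MEMORY_KIB:
                issues.append(f"memory={kdf.get('memory', 0)} KiB below {MIN_ARGON2_MEMORY_KIB}")
        else:
            issues.append(f"unrecognised KDF type {kind!r}")
        if issues:
            findings[slot] = issues
    return findings


if __name__ == "__main__":
    for slot, issues in audit_keyslots(SAMPLE_METADATA).items():
        print(f"keyslot {slot}: " + "; ".join(issues))
```

A flagged keyslot can be re-wrapped with a stronger KDF using `cryptsetup luksConvertKey --pbkdf argon2id <device>`, which changes only that slot's KDF and leaves the volume key and data untouched.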