it was suggested that my post () would be better if I asked it here.
So here goes:
I have certain information on my drive that I don't want anyone (not even me ;) ) to gain access to. I read recently that Fedora only offers AES 128 LUKS encryption. This just isn't secure enough for me. I want 256 or stronger for my entire drive.
Now I'm confused because on this site: it says that Fedora only supports 128 - bit. Though here: How secure is Ubuntu's default full-disk encryption? it says that LUKS uses 256 - bit, or is this for Ubuntu only.
Is there a way that I can use 256 or stronger AES full disk encryption on Fedora?
I'm sorry that I have to ask this question in two places. I thought that security forum would be better fit due to it being all about security. I didn't know that it is a system specific configuration/question.
21 Answer
Yes. LUKS/dm-crypt/cryptsetup is available for Fedora, and AES 256 is supported.
But, if you are asking if the Fedora Installation GUI will allow you to do this, I do not know. It may default to AES-XTS with 256 bit keys--but I don't know.
However, this really isn't a distribution specific problem. LUKS, dm-crypt, cryptsetup, and kernel mods are a kernel level problem, and applies to each distribution.
ArchLinux generally has good info on technologies such as this.
Search for this line on that page:
# cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat <device>Other Relevant Questions to Ask:
- How to Configure/Install LUKS after installation.
- How to encrypt Linux mount points after installation.
- How to encrypt Linux swap partitions.
- How to load dm-crypt kernel mods, to decrypt drive at boot.
- How to configure Grub and/or SysLinux to mount encrypted partitions at boot.
- How to configure crypttab and fstab to mount partitions at boot.
- How to configure Linux to mount LUKS partitions, EncFS or ecryptFS at login.