Is LUKS still an effective option for consumer FDE considering Elcomsoft can break it?



  • I use Fedora Linux and was recently looking into doing Full Disk Encryption on data drives such as /home on some of my / my family's PCs. I understand that LUKS security will be partially dependent on having strong passwords and not doing very obviously stupid things (saw some articles where people were auto-unlocking an encrypted /home partition during boot by passing a keyfile located on an unencrypted / filesystem - which anyone with a live disc could also use to open the LUKS container).

    The main reason why I am concerned was that while googling various things about LUKS / its settings, I came across this Elcomsoft article which talks about breaking LUKS encryption. If that wasn't bad enough, I also saw they had a similar article about breaking Veracrypt... so I am at a loss as to what I should use for FDE.

    I admit that most of the infosec stuff is over my head. But I'm still not clear if I can make those solutions secure merely by tweaking settings/algorithms/etc or if the flaw was with something in the projects themselves (I thought it sounded like the latter). On the one hand, the article itself says that

    LUKS can be viewed as an exemplary implementation of disk encryption

    But the scary part is in the "Breaking LUKS Encryption" sections and how they make it sound like it is very easy to do with their software.

    Trying to google was likewise unhelpful as all of the information I could find on "how secure is LUKS?" etc either talked generically about the underlying crypto algorithms or was dated before the Elcomsoft articles. But my reasoning is that in this day and age, it is probably a bit naive to assume that all thieves that might "smash-and-grab" a PC or hard drive from someone's home are going to be technical neophytes. The cheaper of the 2 products mentioned in the LUKS article appeared to be $300 USD. Not chump change but also not unaffordable by any stretch if someone really wanted to get in.

    My initial guess based on these is that FDE with LUKS/Veracrypt would still be "better than nothing", but if I was unlucky and tech-savvy thieves nabbed my PC then data like Tax Records etc might not be protected. Likewise, anything I had almost certainly would not be protected from government entities or law enforcement if they have access to the Elcomsoft products or similar software. Assuming I don't piss off anyone in power, the most I probably have to worry about from the "gov'mint" is saving memes or maybe keeping an offline copy of a few youtube videos... but it is troubling to think that it is so easy for FDE to be defeated.

    Am I reading this wrong / is it just sales "spin" from Elcomsoft trying to market their product? If it is as easy to defeat as they make it sound, then can anything be done on the end user end to better protect against it? If so, what / how?

    When I see things like

    Up to 10,000 computers and on-demand cloud instances can be used to attack a single password with Elcomsoft Distributed Password Recovery.

    The first thing that goes through my head is to wonder if I can configure LUKS to only allow at most X attempts per minute, with X as some small number like 3. But AFAIK this option does not exist and is nothing more than a dream...


  • QA Engineer

    No, Elcomsoft cannot break LUKS or Veracrypt. What they do is to guess the password. Any password-based encryption mechanism can be broken by guessing the password: this is not a flaw in the encryption software.

    Encryption software can and should mitigate the risk of guessing by making it costly. Both LUKS and Veracrypt do it securely (at least with default settings; it might be possible to weaken the settings if you misconfigure them). They can't completely eliminate the risk of password guessing or snooping because by design, if the adversary figures out what the password is, they will be authorized.

    You can protect yourself by using a password that has a high enough entropy. (See Confused about (password) entropy, Calculating password entropy?, Password entropy in layman's terms, How can I create a secure password?, …) Note that length helps entropy, but is not enough: a long password can be weak (for example, the first line of a well-known song would make a bad password). Special characters contribute very little to entropy and are counterproductive. A high-entropy password must be randomly generated: humans are very bad at generating entropy. Diceware is popular, though actually using dice rather than using a computer for the random generation isn't actually more secure (except in extremely rare, usually made-up circumstances).

    If you can't remember a strong enough password, you can store it (or a password-equivalent key file) on removable storage. Of course, there's then the risk of losing the device containing the key file. Or you can use a TPM and bind the encryption key to that TPM, which carries the risk of not being able to access the data if your motherboard breaks.
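
The following is an added example, not part of the original posts: it relates the entropy of a randomly generated passphrase to the average offline guessing time against the 10,000 machines quoted in the question. The 7776-word list size, the per-machine guess rate and the 16-word sample list are assumptions made for illustration.

```python
import math
import secrets

# Assumptions, not from the posts: a 7776-word Diceware-style list and the
# per-machine guess rate passed in by the caller. 10,000 machines is the
# figure quoted in the question.
DICEWARE_LIST_SIZE = 7776
ATTACKER_MACHINES = 10_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed 16-word sample so the block runs offline; a real list has
# DICEWARE_LIST_SIZE entries and entropy_bits() assumes that size.
SAMPLE_WORDS = ["amber", "birch", "cobalt", "delta", "ember", "fjord",
                "garnet", "harbor", "indigo", "juniper", "kelp", "lumen",
                "mosaic", "nectar", "onyx", "plume"]


def entropy_bits(n_words, list_size=DICEWARE_LIST_SIZE):
    """Entropy of n_words drawn uniformly at random from list_size words."""
    return n_words * math.log2(list_size)


def generate_passphrase(n_words, wordlist=SAMPLE_WORDS):
    """Draw each word with the OS CSPRNG; the randomness is the entropy."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def average_years_to_guess(bits, rate_per_machine, machines=ATTACKER_MACHINES):
    """Expected offline search time: half the keyspace at the total rate."""
    return (2 ** bits / 2) / (rate_per_machine * machines) / SECONDS_PER_YEAR


def words_needed(target_years, rate_per_machine, machines=ATTACKER_MACHINES):
    """Smallest word count whose average guessing time reaches target_years."""
    n = 1
    while average_years_to_guess(entropy_bits(n), rate_per_machine,
                                 machines) < target_years:
        n += 1
    return n


if __name__ == "__main__":
    rate = 1_000  # hypothetical guesses/s per machine, set by the KDF cost
    for n in range(3, 8):
        years = average_years_to_guess(entropy_bits(n), rate)
        print(f"{n} words: {entropy_bits(n):5.1f} bits, ~{years:.3g} years")
    print("words for 1000 years:", words_needed(1000, rate))
    print("sample:", generate_passphrase(6))
```

Each added random word multiplies the search time by the list size, while a thousandfold faster attacker costs only one extra word.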


