Compatibility for cryptsetup (Linux)

[Mustela]

I have everything for mounting partitions from Thunar. I can mount and unmount ext2 (I suppose ext3 too) and MS-DOS plain filesystems. Now, when the partition is encrypted with cryptsetup, Thunar shows that it is encrypted and queries for the password, but it doesn't work. He continues thinking. GBDE doesn't work.

Are the encrypters fully incompatible on BSD/Linux? If I see the "x GB encrypted partition" on Thunar, can I decrypt?

It is an important point of compatibility for these things and for these OSes.

 

[SirDice]

FreeBSD doesn't support Linux' LUKS.

 

[horacio]

In all this years is this still in the same status?? whitout support for luks, Is there another method to open a luks partition?

 

[cracauer@]

Same status.

Now, Linux cryptsetup has a headerless mode which presumably can be hacked up to be accessed in FreeBSD relatively easily. But very few people are using that mode, and I do not think any distributions at all use it when creating encrypted block devices from the installer.

As for the value of implementing it, there also is LVM, which is often lurking below and would have to be implemented, too, if so.

 

[rootbert]

you could try security/veracrypt

 

[cy@]

Hmm. What does disk encryption have to do with window managers?

 

[rbranco]

DragonflyBSD appears to support LUKS, but I don't know if v2 is supported:

DragonFlyBSD: DragonFly's Major Features List

www.dragonflybsd.org

I guess you have to use ZFS native encryption.

 

[canihazsekooriti]

Same status.

Now, Linux cryptsetup has a headerless mode which presumably can be hacked up to be accessed in FreeBSD relatively easily. But very few people are using that mode, and I do not think any distributions at all use it when creating encrypted block devices from the installer.

Very few peoples using it? For real? Not like anyone would know, considering the approach.

I dunno, I have my Fedora boot right into a double nested plain cryptsetup encrypted root, and I reclaimed 25% of CPU flops somewhere in the process. Just sayin'.

 

[zirias@]

Very few peoples using it? For real?

Yes. Just because it doesn't serve any purpose as-is. The only purpose is hiding that there is some encrypted container at all. This is moot when applied to the whole disk, a disk full of "random" data is a clear telltale. You'd have to at least hide it inside some (possibly unencrypted) dummy system, which still must appear "used" to be somewhat plausible. If that stuff really matches your threat level, you should consider getting a gun as well.

I dunno, I have my Fedora boot right into a double nested plain cryptsetup encrypted root, and I reclaimed 25% of CPU flops somewhere in the process. Just sayin'.

That literally makes no sense. Neither does encrypting already encrypted stuff do anything (apart from consuming CPU cycles), nor do some headers with meta-info consume any CPU cycles.

If the purpose of the "outer" encrypted container is to hide the inner one, the outer should have a header. Otherwise, the idea to look for more "completely hidden" containers comes pretty natural.