OpenSSL Conference

LUKS2 open-source disk encryption and OpenSSL
2025-10-08, Belvedere II / Community, Contribution & the Future

LUKS2 is a de facto standard disk encryption format for Linux today.
It is managed by the cryptsetup tool and is split into kernel (dm-crypt) and userspace parts.
The talk briefly describes the LUKS2 maintainer's journey over the last several years and cryptsetup requirements for the cryptography backend, where OpenSSL is the default library choice.


Although disk encryption has been around for decades, LUKS2 is trying to improve security by introducing new cryptographic algorithms. Cryptsetup was behind the introduction of the Argon2 KDF in OpenSSL. Similarly, we would like to provide an alternative to length-preserving disk sector encryption modes, either by using authenticated encryption or, at least, by replacing the currently used AES-XTS mode. With plans to utilize userspace block devices (ublk), the algorithms available in OpenSSL and its userspace performance become even more important.

A grumpy developer, maintainer and researcher in the area of storage security.
Linux cryptsetup and LUKS maintainer. For more info see https://mbroz.fedorapeople.org/talks/