OPAL2, luks or both?

Cyril LEVIS

unread,

May 9, 2016, 5:37:22 AM5/9/16

to qubes-users

Hi,

I must receive my new hard drive today, à samsung evo 850 of 1TB.

For the moment I have another ssd with opal2 two, at boot I must enter twice a password, one for opal2 and one for luks.

Do you think I can safely only opal2 and get only hardware encryption?

What about opal2 vs luks?

Thanks you

Manuel Amador (Rudd-O)

unread,

May 10, 2016, 8:11:45 PM5/10/16

to qubes...@googlegroups.com

I would suggest avoiding OPAL2 as you have no control over what the
firmware of the drive does, nor do you know whether the encryption is
actually strong, or has been backdoored. LUKS protects you from
malicious drives as well.

--
Rudd-O
http://rudd-o.com/

Chris Laprise

unread,

May 10, 2016, 11:20:56 PM5/10/16

to Manuel Amador (Rudd-O), qubes...@googlegroups.com

Additionally, if you decide to use anti-evil-maid then you will have to
use LUKS.

Chris

Cyril LEVIS

unread,

May 11, 2016, 4:14:56 PM5/11/16

to qubes-users

OK thanks you. I understand.
If we considere that opal2 isnt backdored, Any idea about performance lost/cpu cost between opal2 with spec' hardware that encrypt and luks? My goal is to have also good battery time for example.
Ty!

Chris Laprise

unread,

May 11, 2016, 9:42:21 PM5/11/16

to Cyril LEVIS, qubes-users

Linux disk encryption is very streamlined, and on top of that you have
the CPU handling the AES crypto in hardware. No doubt there are
benchmarks around, and I'm sure the impact is rather slight.

Chris

Achim Patzner

unread,

May 12, 2016, 9:48:23 AM5/12/16

to qubes-users

> Am 12.05.2016 um 03:42 schrieb Chris Laprise <tas...@openmailbox.org>:
>
> Linux disk encryption is very streamlined, and on top of that you have the CPU handling the AES crypto in hardware.

Sure. Most people are running Qubes on CPUs providing AES instructions. Especally those who insist on buying ME-free hardware and other ancient systems.

Achim

Reply all

Reply to author

Forward