Speeding up or Securing up the Encrypted Root Filesystem on Fedora 10

Fedora, and some others Linux distributions doesn’t provide you any simple way to setup the cypher properties on root filesystem.

Here, we will provide you enough information about the cypher process on fedora and one technique to speed up and/or secure up the cypher using XTS instead CBC-ESSIV

At fedora core installation, it is possible to specify if you need to cypher/encrypt the whole disk, and fedora doit using LUKS with 128bit AES (10 iterations). Aditionally, fedora/LUKS uses CBC + ESSIV + SHA-256 to avoid certain kinds of attacks.

LUKS is an advanced cypher managment system under linux that manage the key, the cypher algorithm and the countermeasures to cypher attacks.

If we realize a review of the LUKS cypher header, we will found the next:

LUKS header information for /dev/mapper/via_bbeghceeacp3

Version: 1
Cipher name: aes
Cipher mode: cbc-essiv:sha256
Hash spec: sha1
Payload offset: 1032
MK bits: 128
MK digest: fe c7 59 f7 11 5d 15 26 65 2b 4e c5 0a 0c 8d 0c 2a 4f d8 63
MK salt: 57 b5 b8 c3 bc 2c 99 12 6d 57 60 6c bd ba 1f e8
d4 a9 08 88 69 c7 85 ee 20 c6 36 42 3a 96 8e 91
MK iterations: 10
UUID: 6d3ae09a-5549-4db6-908c-190497437fc9

Key Slot 0: ENABLED
Iterations: 256546
Salt: 25 f7 f2 ff 93 51 90 42 53 b3 a3 bf 5c 37 2f 85
ad 88 e1 71 f1 5e e9 49 9c 00 ed 5c 35 e7 3f a0
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

Some things that we should know about cryptography:

  • The world standar in cryptography is AES, their algorithm, initially called Rijndael, won the contest in 2001 against others (Serpent, CAST, etc..)
  • AES-128 will go fast, however, if we need more security, its good to think in AES-256
  • We have heard that Serpent could be more strong than Rijndael, but he received less votes on the AES contest because Serpent is too slow and fat
  • CBC-ESSIV is a conventional mechanism to avoid certain kind of attacks on cypher, however, is slow because you need to cypher again contigous block on every change
  • XTS provide a newest mechanism to avoid this cypher attacks, this mechanism is based on the key and the sector number on the disk, XTS is fastest than CBC, because is no need to cypher again unmodified sectors, XTS also divide the key in two equal size segments, one to their attack prevention mechanism, and the other one to the cypher
  • The installation kernel of fedora 10 dont soport serpent. Only support the following algorithms: AES, XTS, CBC-ESSIV, SHA
  • We have heard that XTS is experimental, however is well accepted now by the community and now is common
  • Fedora 11 will going to use AES-XTS-PLAIN with 256bit AES Anaconda Changelog – 04/2009, This is a good news, we must remember that with XTS, if we specify 512bit, only 256bit will going to be used with the cypher algorithm
  • Due to time restrictions… Fedora Linux dont fill the whole disk with random noise, that is a flaw in crypto design, because in many cases you will be able to look how much free space reside in the cypher disk

Having all of this in mind, we can conclude that AES-CBC is not the best combination for a disk cyphering today. Next, we going to show a comparison table about cyphering possibilities in Fedora:

Cypher Protection Bits Description
AES XTS-PLAIN 128bit for cypher, 128bit for protection (256bit) This is the fastest cyphering option, the cypher is not strongest as AES-256, recommended to people who require a day-to-day cyphering who need speed on their computer.


AES CBC-ESSIV 128bit for cypher This is a slow option for cyphering, additionally is not strongest as AES-256. Comes by default with Fedora 10 Installation


AES CBC-ESSIV 256bit for cypher This is the strongest and slower cyphering protection.


AES XTS-PLAIN 256bit for cypher, 256bit for protection (512bit) This is the option that will be available by default on fedora 11. This is slow because uses AES-256 and is extremly secure, however is more fastest than 256bit AES-CBC-ESSIV


If you dont need extreme security, and you are sure that the people who want to open your files wont use a supercomputer with more than 1 million of actual computers against your cypher for about 30 years, you can think on AES-XTS-PLAIN with AES-128

Otherwise, you will select AES-XTS-PLAIN with AES-256 or AES-XTS-ESSIV with AES-256… (AES-XTS-ESSIV adds ESSIV to XTS, however, XTS also provide security mechanisms to avoid the same attacks that ESSIV prevent)

CBC is discarded. Is fat and slow. And have the same security protections of XTS who are fastest.


With Fedora 10, we dont have options to change the cypher mechanism in a easy way. However, is possible to realize it using the console.

There is a guide to realize this operation:

The first that we should realize is to create “the cyphered shell” before commit the installation.

In case that you have any important data on your computer, realice a backup, and remove all the hard drives that you dont plan to format. If something goes wrong, we dont want to loss your data.

  1. Insert the Fedora 10 Installation CD/DVD
  2. In the first screen, select the Rescue option
  3. Follow the instructions of rescue, and dont start the network and dont mount the /mnt/sysimage (Press Skip)
  4. Find out your hard drive by console, by ex. /dev/sda
  5. In case that you have dual boot, this is a dangerous operation, create first the partitions and next realize the urandom fill by separate with every new partition. This procedure could take several hours or ever days. This procedure will fill your device with random noise to prevent certain type of attacks:
    sh-3.2# cat /dev/urandom > /dev/sda
  6. At the end, we procced to part the disk, create a /boot partition with 256M and use the rest for swap and ROOT:
    sh-3.2# fdisk /dev/sda
    Command (m for help): n
    Command action
    e extended
    p primary
    p
    Partition number (1-4): 1
    First cylinder (1-1044, default 1): (ENTER)
    Using default value 1
    Last cylinder, +cylinders or +size{K,M,G} (1-1044, default 1044): +256M
    Command (m for help): n
    Command action
    e extended
    p primary
    p
    Partition number (1-4): 2
    First cylinder (35-1044, default 35): (ENTER)
    Using default value 35
    Last cylinder, +cylinders or +size{K,M,G} (35-1044, default 1044): (ENTER)
    Using default value 1044

    Command (m for help): t
    Partition number (1-4): 2
    Hex code (type L to list codes): 8e
    Changed system type of partition 2 to 8e (Linux LVM)

    Command (m for help): w
    The partition table has been altered!

    Calling ioctl() to re-read partition table.
    Syncing disks.

    sh-3.2#

  7. The system will be ready to setup the LUKS in /dev/sda2, now choice a strong key with more than 15 characters alphanumeric, and if you want, with symbols.Setup…

    For Speed (AES-128, 10 rounds, XTS):

    sh-3.2# cryptsetup -s 256 -c aes-xts-plain luksFormat /dev/sda2WARNING!
    ========
    This will overwrite data on /dev/sda2 irrevocably.

    Are you sure? (Type uppercase yes): YES
    Enter LUKS passphrase: PASSWORD HERE
    Verify passphrase: PASSWORD HERE
    Command successful.
    sh-3.2#

    For Security (AES-256, 10 rondas, XTS):

    sh-3.2# cryptsetup -s 512 -c aes-xts-plain luksFormat /dev/sda2WARNING!
    ========
    This will overwrite data on /dev/sda2 irrevocably.

    Are you sure? (Type uppercase yes): YES
    Enter LUKS passphrase: PASSWORD HERE
    Verify passphrase: PASSWORD HERE
    Command successful.
    sh-3.2#

  8. Now, we should mount the “cyphered shell” on a mapper device, because we need to setup the LVM on it
    sh-3.2# cryptsetup luksOpen /dev/sda2 crypto
    Enter LUKS passphrase for /dev/sda2: PASSWORD HERE
    key slot 0 unlocked.
    Command successful.
    sh-3.2#
  9. We will procced to setup the LVM
    sh-3.2# lvm
    lvm> pvcreate /dev/mapper/crypto
    Physical volume “/dev/mapper/crypto” successfully created
    lvm> vgcreate -s 32M VolGroup00 /dev/mapper/crypto
    Volume group “VolGroup00” successfully created
    lvm> (CTRL-D)
    sh-3.2# sync; reboot
    Runing reboot…
    disabling swap…
    unmounting filesystems…
    /mnt/runtime done
    disabling /dev/loop0
    /proc done
    /dev/pts done
    /sys done
    /selinux done
    Terminated
    sh-3.2# sending termination signals…done
    sending kill signals…done
    rebooting system
    Restarting system.

The cyphered shell is ready to use.
Next, we should install the Fedora 10 linux cleanly.

  1. Start the traditional installation
  2. Select the installation language and the keyboard language
  3. Type the password on the password request dialog that should appear with the following sentence: Device sda2 is encrypted. In order to access the device’s contents during installation you must enter the device’s passphrase bellow.
  4. Your system will be unlocked to install the operating system over it
  5. Continue to the screen when you select the partition type, then select the option “Create custom layout”
  6. Select /dev/sda1 and click on “edit” button, Select the “Format as: ext3” option and select /boot as a Mount Point (dont cypher it)
  7. Select VolGroup00, and click on Edit button, will appear a new LVM editor dialog
  8. Click on ADD button, select swap as File System type, and in size (MB), we recommend to use the double of your RAM size. In my specific installation i will use 1024M for 512Mb of RAM memory, then, click on OK
  9. Click on ADD button, select ext3 as File System type, and “/” as Mount Point, and in size (MB), leave the default option that will going to be the rest of the free space, then, click on OK, and next, click again on OK on LVM editor dialog
  10. Click on Next, and next click on Format, and next click on “Write changes to disk”
  11. Follow the installation process as a normal installation. You now have a personalized cypher on Fedora.

On Fedora 10, The pourporse to realize this practice is clear: Speed up the disk and Secure up the cypher. However, with fedora 11, that will going to use AES-256 with XTS, the pourporses could be other, by example, change cypher strong by speed.

Leave a Reply