dm-crypt

dm-crypt is a transparent block device encryption subsystem in the Linux kernel (versions 2.6 and later) and in DragonFly BSD. It is part of the device mapper (dm) infrastructure and uses cryptographic routines from the kernel's Crypto API. Unlike its predecessor cryptoloop, dm-crypt was designed to support advanced modes of operation, such as XTS, LRW and ESSIV, in order to avoid watermarking attacks.[1] dm-crypt also addresses some reliability problems of cryptoloop.[2]

dm-crypt is implemented as a device mapper target and may be stacked on top of other device mapper transformations. It can thus encrypt whole disks (including removable media), partitions, software RAID volumes, logical volumes, as well as files. The result appears as a block device, which can back a file system or swap, or serve as an LVM physical volume.
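As an added example (not part of the original page or of dm-crypt itself), the following audit reads device mapper table lines and flags `crypt` targets whose cipher specification lacks one of the modes named above. It assumes the `dmsetup table` line layout and the `cipher[:keycount]-chainmode-ivmode[:ivopts]` spec form; the device names and table lines are constructed, and the verdicts for ECB and for a bare cipher name go beyond what the page states.

```python
import re

# Constructed sample shaped like `dmsetup table` output (keys print as zeros).
SAMPLE = """\
cryptroot: 0 976769024 crypt aes-xts-plain64 00000000 0 8:3 4096
olddata: 0 204800 crypt aes-cbc-plain 00000000 0 7:0 0
backup: 0 409600 crypt aes-cbc-essiv:sha256 00000000 0 8:17 4096
vg0-home: 0 2097152 linear 8:2 2048
"""

# cipher[:keycount]-chainmode-ivmode[:ivopts]; chain and IV mode may be absent.
SPEC_RE = re.compile(
    r"(?P<cipher>[^-:]+)(?::\d+)?"
    r"(?:-(?P<chain>[^-]+))?"
    r"(?:-(?P<iv>[^:]+)(?::(?P<ivopts>.+))?)?"
)

def classify(spec):
    """Return (verdict, reason) for one dm-crypt cipher specification."""
    m = SPEC_RE.fullmatch(spec)
    if not m:
        return ("unknown", "unrecognised cipher spec")
    chain, iv = m["chain"], m["iv"]
    if chain is None:
        # A bare cipher name falls back to the legacy cbc-plain default.
        chain, iv = "cbc", "plain"
    if chain == "ecb":
        return ("weak", "no IV: equal plaintext blocks give equal ciphertext")
    if chain == "cbc" and iv and iv.startswith("plain"):
        return ("weak", "CBC with a sector-number IV is predictable")
    if chain in ("xts", "lrw") or (chain == "cbc" and iv == "essiv"):
        return ("ok", "mode the page lists as resisting watermarking")
    return ("unknown", "mode not covered by this check")

def audit(table_text):
    """Return (device, spec, verdict) for every crypt target in the table."""
    results = []
    for line in table_text.splitlines():
        fields = line.split()
        name = fields.pop(0).rstrip(":") if fields and fields[0].endswith(":") else ""
        # Remaining layout: <start> <length> crypt <cipher spec> <key> ...
        if len(fields) >= 4 and fields[2] == "crypt":
            results.append((name, fields[3], classify(fields[3])[0]))
    return results

if __name__ == "__main__":
    for name, spec, verdict in audit(SAMPLE):
        print(f"{name:10} {spec:22} {verdict}")
```
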

Some Linux distributions support the use of dm-crypt on the root file system. These distributions use initrd to prompt the user to enter a passphrase at the console, or to insert a smart card, prior to the normal boot process.[3]

  1. Fruhwirth, Clemens (18 July 2005). "New Methods in Hard Disk Encryption" (PDF). Vienna University of Technology. Retrieved 22 August 2024.
  2. Peters, Mike. "Encrypting partitions using dm-crypt and the 2.6 series kernel". Linux.com. Archived from the original on 11 July 2012. Retrieved 22 August 2024.