Would there be a difference in running cryptsetup from a Ubuntu USB FD vs internal disk?

Meaning Ubuntu installed on a USB vs an HDD. Would it make a difference security wise, example speed with USB during luksFormat with the specified iter time? Or a difference running it through USB or SATA regarding /dev/random?

Asked By: ChaseH.


The speed of the disk doesn’t play a role here. The number of iterations (and the other parameters like number of threads or memory usage) you see in the LUKS header is used for the key derivation function which is used to derivate key from your passphrase and it is determined based on your CPU speed (or in case of the memory parameter for the Argon2 KDF also on the size of available RAM).

What can have an impact is creating the LUKS device on a system with slower CPU, like for example a RPi where the number of iterations will be very low and then using it on a more powerful system which will be able to derivate key much faster making the brute force attack (a bit) easier.

Answered By: Vojtech Trefny