DevConf.cz 2016 has ended
Can’t make it to #DevConfCZ for any reason? You can still attend virtually: youtube.com/RedHatCzech
Back To Schedule
Sunday, February 7 • 11:30 - 12:10
The future of disk encryption with LUKS2

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

For years Fedora provides disk encryption option
in basic installer configuration. The LUKS (Linux Unified Key Setup),
implemented through cryptsetup library, provides convenient way to
configure such a basic disk-encrypted systems.

In this presentation we will focus on new requirements
for deploying disk encrypted storage in modern systems.
We will present the new LUKS2 format definition that will allow
implementation of these requirements in future.

These requirements are both technical (for example integration
to an enterprise key management systems) but also based
on new advancements in cryptographic algorithms (for example
new key-derivation functions more resistant to massive parallel
systems used by attackers for password cracking).

Another current requirement is an ability to change encryption
parameters without need of complete disk re-formatting.
We will describe prototype of a re-encryption tool that allows
such a change on a fully running system without any downtime.

Last but not least we will mention some interesting answers
from users participating on a survey questionnaire focused
on usage of disk-encryption systems.

avatar for Milan Brož

Milan Brož

Milan Brož is a principal software engineer working for Red Hat and upstream cryptsetup/LUKS maintainer.

Ondrej Kozina

software engineer, Red Hat
I'm software engineer working for Red Hat in storage/LVM team and also RHEL cryptsetup maintainer.You can discuss cryptsetup, LUKS2 and reencryption with me.

Sunday February 7, 2016 11:30 - 12:10 CET
f. E105 (72 places)