Anyone else feeling black pilled by LUKS KDF attacks?
Discussion
Had not heard about this (nor do I really understand it). Perhaps a mitigation would be to store the especially sensitive data on the drive within a VeraCrypt vault as well?
Maybe. To my knowledge VeraCrypt would suffer the same weakness. KDF functions are easily GPU attacked. Using modern LUKS with a memory hard KDF and a strong password seems to be the best option, but even then your password should probably be very strong.
Maybe I'm just paranoid though 🤷♂️
When I've created VeraCrypt volumes the software has me move around the mouse a lot to generate a bunch of entropy for the encryption keys. Maybe that means it's not relying on KDF the way LUKS is?
No, that is generating entropy for the keyfile. Your keyfile is then encrypted with a password based KDF, just like LUKS. The exact details differ a bit, but the overall architecture is the same. Still need to use a memoryhard PBKDF to encrypt the keyfile.
Maybe VeraCrypt uses a memory hard PBKDF, in which case I would say it is as good as modern LUKS.
I asked around about this and from what I heard it's much more likely they discovered his password (or clues like password length) through surveillance than actually cracked the encryption
Oh I wondered. About this. Do you have a source?
Fwiw, the criticism of pbkdf still stands on its own