DEV Community

Ali
Ali

Posted on • Edited on

How to Encrypt a USB drive Using Cryptsetup with LUKS on Linux

Do you even encrypt ?

Bitlocker is Windows default disk encryption software.

Cryptsetup on the other is Linux go-to for full disk encryption. It comes preinstalled on the major Linux distributions out there. It supports multiple encryption formats, including Bitlocker’s.

But our focus here will be on the LUKS(Linux Unified Key Setup) format, which is the standard in terms of Linux disk encryption.

Cryptsetup offers plenty of options when encrypting drives.

But before doing anything, let’s run a benchmark to test our computer’s encryption/decryption speed. This will tell us the best algorithm to use to encrypt our USB drive.

Let’s run cryptsetup benchmark in the terminal.

Here's the output:

Image description

We will ignore the first test and jump right to the second part. Here the aes-xts algorithm has the fastest encryption and decryption speed overall for our machine. We’ll go with the last one in the list with a Key size of 512-Bit. (it's highlighted in blue)

Here are the settings I use when encrypting:

sudo luksFormat (usb drive path) -c aes-xts-plain64 — key-size 512 — hash sha512 — iter-time 50000

Let’s explore each one of these parameters:

  • c: Ciphering algorithm used for encryption.
  • key-size: Key size used for encryption.
  • hash: Hashing method used on the passphrase.
  • iter-time: Number of milliseconds to process the passphrase.

Keep in mind that running that command will format and fully encrypt your drive so be careful and make sure to backup your files before doing anything and you’re good to go.

Oh! I almost forgot, always use long pass-phrases to encrypt. This will ensure that your drive doesn’t get brute-forced easily.

Top comments (0)