dm-crypt is a transparent disk encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper infrastructure, and uses cryptographic routines from the kernel’s Crypto API. Unlike its predecessor cryptoloop, dm-crypt was designed to support advanced modes of operation, such as XTSLRW and ESSIV (see disk encryption theory for further information), in order to avoid watermarking attacks. In addition to that, dm-crypt also addresses some reliability problems of cryptoloop.

dm-crypt is implemented as a device mapper target and may be stacked on top of other device mapper transformations. It can thus encrypt whole disks (including removable media), partitionssoftware RAID volumes, logical volumes, as well as files. It appears as a block device, which can be used to back file systemsswap or as an LVM physical volume.

Some Linux distributions support the use of dm-crypt on the root file system. These distributions use initrd to prompt the user to enter a passphrase at the console, or insert a smart card prior to the normal boot process.

Source: dm-crypt – Wikipedia

dm-crypt was last modified: February 23rd, 2021 by Jovan Stosic

Leave a Reply