Quote from: astor on July 14, 2013, 07:08 pmLUKS does the key management (it's the Linux Unified Key Setup), dm-crypt performs the encryption and can use various ciphers, AES is the cipher. As long dm-crypt implements AES correctly, it should not be less safe than other programs that use AES-256. On the other hand, a company named ElcomSoft released a program last year that steals encryption keys from RAM for TrueCrypt, PGP, and BitLocker encrypted containers, but not for LUKS/dm-crypt encrypted containers, so LUKS/dm-crypt is safer than those other programs, at least in that regard.http://thenextweb.com/insider/2012/12/20/this-299-tool-is-reportedly-capable-of-cracking-bitlocker-pgp-and-truecrypt-disks-in-real-time/All currently implemented systems are, to the best of my knowledge, vulnerable to this type of attack, to one degree or another. I believe that the original poster is placing too much emphasis on which cipher is used; any reasonably-modern cipher should be able to do the job. What is far more important, as you have pointed out, is the vulnerability of having the container's symmetric key snarfed from RAM. The other thing that is important is the quality of your passphrase. It really isn't going to matter what cipher is used, if you use a passphrase vulnerable to a dictionary attack, a too short one that can be brute-forced, or if you leave it on a sticky note by the monitor. Nightcrawler4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB8F1D88EBBF7433B   (MIT clearnet keyserver)PGP Key: https://keys.indymedia.org/pks/lookup?op=get&search=0xB8F1D88EBBF7433B  (IndyMedia https: clearnet keyserver)PGP Key: http://qtt2yl5jocgrk7nu.onion/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia .onion keyserver)PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090  (Silk Road Forums PGP Key Link)PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07 B66B AFC8 CE71 D9AF D2F0