Arch Linux

Lars Stokholm

Member

From: Denmark

Registered: 2009-03-17

Posts: 223

Clear text passphrases in crypttab

I've encrypted my root and home with this guide, but I don't like that my passphrases are stored in clear text in /etc/crypttab. Can they be encrypted? (Perhaps in a fashion similar to what wpa_passphrase does?)

bluewind

Administrator

From: Austria

Registered: 2008-07-13

Posts: 172

Website

Re: Clear text passphrases in crypttab

crypttab is on an encrypted partition and therefore also encrypted.

Lars Stokholm

Member

From: Denmark

Registered: 2009-03-17

Posts: 223

Re: Clear text passphrases in crypttab

Yeah I know, but doesn't it pose a security threat when the partition is mounted, that the passphrases are stored in clear text? They're only a sudo away.

ataraxia

Member

From: Pittsburgh

Registered: 2007-05-06

Posts: 1,553

Re: Clear text passphrases in crypttab

Why not set it to ASK so you have to type them in when it boots?

Lars Stokholm

Member

From: Denmark

Registered: 2009-03-17

Posts: 223

Re: Clear text passphrases in crypttab

Because I don't want to have to type two passphrases. I type the root passphrase. The home passphrase is in crypttab (on root).

Lone_Wolf

Forum Moderator

From: Netherlands, Europe

Registered: 2005-10-04

Posts: 11,922

Re: Clear text passphrases in crypttab

from Arch LUKS Wiki

# head -n 220 /dev/urandom | tail -n 200 > /mnt/etc/home.key
# cryptsetup luksAddKey /dev/sda4 /mnt/etc/home.key
Enter any LUKS passphrase: myotherpassword
Verify passphrase: myotherpassword
key slot 0 unlocked.
Command successful.

in /etc/crypttab use this :

home    /dev/sda4    /etc/home.key

---

Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.

(A works at time B)  && (time C > time B ) ≠  (A works at time C)