hidden or visible luks key?

Berticus · 2009-08-10 19:12:10

I've been debating whether or not to make my luks key visible on my usb drive. The disadvantage of having it visible is anybody could edit it, and I wouldn't be able to get back onto my pc. On the other hand, if it's hidden (stored between mbr and first partition), and the usb key becomes corrupt or destroyed, I would lose the key. Then again, that would happen with a visible file as well... Also, since it's the Corsair Survivor, I'm hoping the likelihood of it being physically destroyed has been minimized.

In any event, I'm still trying to debate which one I want to do. Am I overlooking something that could convince me to go with either method?

Last edited by Berticus (2009-08-10 19:12:24)

Zariel · 2009-08-10 19:22:09

I would personally have it hidden, but also have it backed up somewhere.

andre.ramaciotti · 2009-08-11 01:31:21

IIRC, you can set more than one concurrent password with luks. Use a hidden key but set a "manual" password in case your usb key becomes corrupt.

Berticus · 2009-08-15 14:22:44

Thanks for the suggestion. Also, how do I determine the offset?

djszapi · 2009-08-16 07:15:28

What kind of offset ?

Berticus · 2009-08-16 13:05:39

http://wiki.archlinux.org/index.php/LUK … _partition

Now you have to add a kernel parameter in your menu.lst (Grub), it should look something like this:
kernel /vmlinuz26 root=/dev/hda3 ro vga=791 cryptkey=/dev/usbstick:2048:2048
Format for the cryptkey option:
cryptkey=BLOCKDEVICE:OFFSET:SIZE

I also have grub on the mbr

Arch Linux

#1 2009-08-10 19:12:10

hidden or visible luks key?

#2 2009-08-10 19:22:09

Re: hidden or visible luks key?

#3 2009-08-11 01:31:21

Re: hidden or visible luks key?

#4 2009-08-15 14:22:44

Re: hidden or visible luks key?

#5 2009-08-16 07:15:28

Re: hidden or visible luks key?

#6 2009-08-16 13:05:39

Re: hidden or visible luks key?

Board footer