You are not logged in.
- Topics: Active | Unanswered
#1 2012-11-23 08:23:19
- HazHac7
- Member
- Registered: 2012-08-05
- Posts: 3
"Reusing" LUKS password for several instances
Is it possible to "reuse" the same password for multiple luks partitions so that only one password has to be entered during boot time?
Does something similar to /lib/cryptsetup/scripts/decrypt_derived in Debian exist in Arch?
Offline
#2 2012-11-23 09:12:32
- matse
- Member
- Registered: 2011-04-27
- Posts: 299
Re: "Reusing" LUKS password for several instances
I don't know whether duch a "decrypt_derived" script exists but as a "workaround" you can just create random keys for your non-root partitions, save these keys on your encrypted root partition and mount all your non root partitions via crypttab on boot after your root has been mounted.
Nice side-effect is that an attacker hat to get first the password to your root partition to retreive the keys for your other partitions or has to brute force each partition on it's own.
Greetings
matse
Offline
#3 2012-11-23 12:00:57
- hunterthomson
- Member
- Registered: 2008-06-22
- Posts: 794
- Website
Re: "Reusing" LUKS password for several instances
LVM on LUKS/dm-crypt is the only safe way to do this.
OpenBSD-current Thinkpad X230, i7-3520M, 16GB CL9 Kingston, Samsung 830 256GB
Contributor: linux-grsec
Offline