Re: Unlock LUKS with login/password

To: debian-devel@lists.debian.org
Subject: Re: Unlock LUKS with login/password
From: Jeremy Stanley <fungi@yuggoth.org>
Date: Sat, 11 Mar 2023 19:24:44 +0000
Message-id: <[🔎] 20230311192444.xmvpupbybi7sjjz3@yuggoth.org>
In-reply-to: <[🔎] CAO6YxPwcw0qG+J8_cpG1yWDhfcvEHf-uJH8-Uup69+6C0_g1aA@mail.gmail.com>
References: <[🔎] CAO1Zr+rqjpp75qm5U2JYM9uqffa6LHzqZWGrNMpbpAgrFWx1xw@mail.gmail.com> <[🔎] b5615712-b6f5-7ec0-746c-e8b9116d006d@antipoul.fr> <[🔎] CAO1Zr+rqiaeMFQ6ocPxo2fXL6i0ej6Nf5fnZONCQ=CrXoFeDLQ@mail.gmail.com> <[🔎] CAO6YxPwcw0qG+J8_cpG1yWDhfcvEHf-uJH8-Uup69+6C0_g1aA@mail.gmail.com>

On 2023-03-11 12:57:56 -0500 (-0500), Timothy M Butterworth wrote:
[...]
> The reason you can not use Login/Password as the LUKS passphrase
> is because The Passphrase can not be different for different
> users. The passphrase is not simply a password but instead it is
> part of the key material used to decrypt and encrypt.

Not that I'm a fan of the proposed use case, but see the manpage for
cryptsetup-luksAddKey(8): "Adds a keyslot protected by a new
passphrase." So while there is only one passphrase for a key, a
device can be accessed by an arbitrary number of keys.
-- 
Jeremy Stanley

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Unlock LUKS with login/password
  - From: Alexey Kuznetsov <kuznetsov.alexey@gmail.com>
- Re: Unlock LUKS with login/password
  - From: Adrien CLERC <adrien@antipoul.fr>
- Re: Unlock LUKS with login/password
  - From: Alexey Kuznetsov <kuznetsov.alexey@gmail.com>
- Re: Unlock LUKS with login/password
  - From: Timothy M Butterworth <timothy.m.butterworth@gmail.com>

Prev by Date: Re: Unlock LUKS with login/password
Next by Date: Bug#1032809: ITP: python3-cogapp -- Cog content generation tool. Small bits of computation for static files
Previous by thread: Re: Unlock LUKS with login/password
Next by thread: Re: Unlock LUKS with login/password
Index(es):
- Date
- Thread