
Re: luks, crypttab: why 3 partition only 2 passphrases entered



On Wed, 8 Aug 2018 08:57:40 +0100
Jonathan Dowland <jmtd@debian.org> wrote:

> On Tue, Aug 07, 2018 at 11:10:39PM +0100, Carles Pina i Estany wrote:
> >That was quite a lot of fun!
> 
> Good investigation and report, thanks, yes it was fun to read too!
> 
> Some time ago I added a second encrypted disk to my setup, but it is a
> removable one. I wanted to use the same encryption passphrase as my
> primary drive, so I looked into the systemd/keyctl stuff. I tried to
> override the timeout, because I plug in the external drive roughly once
> a month. (It's my offsite backup drive)
> 
> I figured out one hacky way to do that, but in the meantime a friend
> suggested I just use a key file for the removable drive instead, stored
> on the internal encrypted drive. I considered my threat model, realised
> that was fine, so abandoned my attempts to change the systemd/keyctl
> timeout.

I've also been doing this (storing the encryption keyfile for my
external backup drives on my internal drive) for a while - I figure that
since the external drives are just backups of the internal, anyone with
access to the internal already has all the data on the external, so
there's no real loss of security incurred by storing the key on the
internal.

Celejar
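
Added example, not part of the original thread: a small shell check for the keyfile arrangement discussed above. It reads a crypttab-format file and reports, for each entry that names a keyfile, whether the file exists and is closed to group and other; the entry names, paths and UUID placeholders in the sample are constructed.

```shell
#!/bin/sh
# Added example: audit keyfile entries in a crypttab-format file.
# Fields per crypttab(5): name, device, keyfile, options.

audit_crypttab() {
    tab=$1
    problems=0
    while read -r name device key opts; do
        case $name in ''|'#'*) continue ;; esac   # blank line or comment
        case $key in
            /dev/*) continue ;;                   # device-backed key, e.g. random swap key
            /*) ;;                                # regular keyfile path: audit it
            *) continue ;;                        # "none" or "-": passphrase prompt
        esac
        if [ ! -f "$key" ]; then
            echo "MISSING $name"
            problems=1
            continue
        fi
        # Characters 5-10 of the ls -l mode string are the group/other bits.
        if [ "$(ls -ldL "$key" | cut -c5-10)" != "------" ]; then
            echo "WEAK $name"
            problems=1
        else
            echo "OK $name"
        fi
    done < "$tab"
    return "$problems"                            # 0 = all keyfiles fine, 1 = findings
}

# Constructed sample: names, paths and UUID placeholders are hypothetical.
make_sample() {
    dir=$1
    echo key > "$dir/backup.key"
    chmod 0600 "$dir/backup.key"                  # readable by owner only
    echo key > "$dir/shared.key"
    chmod 0644 "$dir/shared.key"                  # deliberately too open
    cat > "$dir/crypttab" <<EOF
# name     device              keyfile            options
root_crypt UUID=<root-uuid>    none               luks
backup     UUID=<backup-uuid>  $dir/backup.key    luks,noauto
backup2    UUID=<backup2-uuid> $dir/shared.key    luks,noauto
backup3    UUID=<backup3-uuid> $dir/gone.key      luks,noauto
EOF
}

# Stand-alone run on the constructed sample.
d=$(mktemp -d) && make_sample "$d" && { audit_crypttab "$d/crypttab" || true; }
rm -rf "$d"
```

The check covers file permissions only; whether the keyfile actually sits on the encrypted internal volume still has to be confirmed against the mount layout.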

