[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: luks, crypttab: why 3 partition only 2 passphrases entered

On Wed, 8 Aug 2018 08:57:40 +0100
Jonathan Dowland <jmtd@debian.org> wrote:

> On Tue, Aug 07, 2018 at 11:10:39PM +0100, Carles Pina i Estany wrote:
> >That was quite lot of fun!
> Good investigation and report, thanks, yes it was fun to read too!
> Some time ago I added a second encrypted disk to my setup, but it is a
> removable one. I wanted to use the same encryption passphrase as my
> primary drive, so I looked into the systemd/keyctl stuff. I tried to
> override the timeout, because I plug in the external drive roughly once
> a month. (It's my offsite backup drive)
> I figured out one hacky way to do that, but in the meantime a friend
> suggested I just use a key file for the removeable drive instead, stored
> on the internal encrypted drive. I considered my threat model, realised
> that was fine, so abandoned my attempts to change the systemd/keyctl
> timeout.

I've also been doing this (storing the encryption keyfile for my
external backup drives on my internal drive) for a while - I figure that
since the external drives are just backups of the internal, anyone with
access to the internal already has all the data on the external, so
there's no real loss of security incurred by storing the key on the


Reply to: