LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Luks global passphrase? (http://www.linuxquestions.org/questions/linux-security-4/luks-global-passphrase-744206/)

ESC201 07-31-2009 01:30 PM

Luks global passphrase?
 
Hi all, I recently encrypted two of my computers. I installed Fedora 11 on the first one and let the installer set up my disk encryption. At the time, I had / mounted on one drive and /home on another. Both had the same luks passphrase and when I booted my system, I was only asked to enter the passphrase once and both drives were unlocked. I've since deleted that passphrase and added another one. They are still both the same but now when I boot up, I am asked to enter the passphrase twice. Is there a way to set it so I only have to enter the passphrase once?

On the second computer, I installed Ubuntu and I let the installer take care of the disk encryption also. Same set up with it, / on one partition and /home on another; same passphrase. However, I've always had to enter the passphrase twice during boot on that one.

Anyway, if there is a way to set up a global passphrase for luks drives, any help or a point in the direction towards just that would be great. Thanks!

rm -rf * 08-01-2009 11:10 PM

Looking at the cryptsetup man page, appears there's an option for --verify-passphrase which causes luks to ask twice. Not sure if that's the issue exactly. Perhaps Ubuntu has this as default, and you changed the option on fedora?

Meson 08-02-2009 10:11 PM

My guess is that in your initial setup, you had an encrypted LVM group and the partitions were members of it. Either way, it might have been interesting to see /etc/crypttab.

ESC201 08-03-2009 06:31 PM

Quote:

Originally Posted by Meson (Post 3629012)
My guess is that in your initial setup, you had an encrypted LVM group and the partitions were members of it. Either way, it might have been interesting to see /etc/crypttab.

Meson, I honestly don't know what I did to make it ask me for my password only once. I just let the installer (Anaconda I believe) take care of it. My knowledge of luks is very limited.

Here is my crypttab...
Code:

# Swap
swap UUID=9c452442-2ccc-4655-ac2d-f097e15c4f2a /dev/urandom cipher=aes-cbc-essiv:sha256,size256,hash=256,swap

# /
luks-3bbe8b56-723e-4b19-83b1-d106c84beff5 UUID=3bbe8b56-723e-4b19-83b1-d106c84beff5 none

# Home
home UUID=5e36ae69-cd3a-4daa-8ba8-690f7a570862 none

# Main Backup
#Main_Backup UUID=5e36ae69-cd3a-4daa-8ba8-690f7a570862 none

# Fedora Backup
Fedora_Backup UUID=1eca149a-db55-4df0-bd58-7505acc6c4f9 none

rm -rf *, looking at the cryptsetup man page I believe that --verify-passphrase simple asks for the passphrase twice when preforming commands on encrypted drives to ensure one has entered the correct passphrase. Thank you for your insight however.


All times are GMT -5. The time now is 03:08 PM.