||12-31-2012 10:34 AM
Originally Posted by T3slider
From `man cryptsetup`:
How often the input of the passphrase shall be retried. This
option is relevant every time a password is asked, like create,
luksOpen, luksFormat or luksAddKey. The default is 3 tries.
You could modify the lines in the `init` script in the initrd (and/or /etc/rc.d/rc.S depending on whether you have other non-root LUKS partitions) that open the device (cryptsetup lines with luksOpen) to add the -T argument to give you more tries if you want. Note that this makes it easier for others to brute force your box (though I suppose they could do that anyway if they remove your hard drive). I haven't tested this so adding that option may or may not work. I think 3 guesses is a reasonable default to allow you to make a couple of mistakes while preventing brute force attempts but you may feel differently.
I followed the tutorial README_CRYPT.TXT Combining LUKS and LVM section (same setup, partitions, volumes, names). Please, can you be more specific and tell me exactly what changes to make to change the default 3 to 4 tries. It might be easier to show me where the changes are if you make changes directly on the README_CRYPT.TXT
Originally Posted by Alien Bob
What did you expect would happen then? Sounds like an OK result to me.
Sorry, I did not read the 'man crypysetup' which states "The default is 3 tries" before posting. I was not expecting a kick out but rather a constant retry similar to Slackware logging in. Evidently, 3 tries is safer. To avoid Kernel panic caused by the exit command after 3 bad passphrases at prompt #, what are the constructive choices that are available to me? Hard reboot?