robertolamb |
12-31-2012 09:34 AM |
Quote:
Originally Posted by T3slider
(Post 4859843)
From `man cryptsetup`:
Code:
--tries, -T
How often the input of the passphrase shall be retried. This
option is relevant every time a password is asked, like create,
luksOpen, luksFormat or luksAddKey. The default is 3 tries.
You could modify the lines in the `init` script in the initrd (and/or /etc/rc.d/rc.S depending on whether you have other non-root LUKS partitions) that open the device (cryptsetup lines with luksOpen) to add the -T argument to give you more tries if you want. Note that this makes it easier for others to brute force your box (though I suppose they could do that anyway if they remove your hard drive). I haven't tested this so adding that option may or may not work. I think 3 guesses is a reasonable default to allow you to make a couple of mistakes while preventing brute force attempts but you may feel differently.
|
I followed the tutorial README_CRYPT.TXT Combining LUKS and LVM section (same setup, partitions, volumes, names). Please, can you be more specific and tell me exactly what changes to make to change the default 3 to 4 tries. It might be easier to show me where the changes are if you make changes directly on the README_CRYPT.TXT
thank you
Quote:
Originally Posted by Alien Bob
(Post 4859936)
What did you expect would happen then? Sounds like an OK result to me.
Eric
|
Sorry, I did not read the 'man crypysetup' which states "The default is 3 tries" before posting. I was not expecting a kick out but rather a constant retry similar to Slackware logging in. Evidently, 3 tries is safer. To avoid Kernel panic caused by the exit command after 3 bad passphrases at prompt #, what are the constructive choices that are available to me? Hard reboot?
thank you
|