Results 1 to 3 of 3

Thread: HDD encryption passphrase

  1. #1

    Default HDD encryption passphrase

    I recently acquired a new laptop after my old one passed away. I'm pretty new to openSUSE, so this was my second installation of it. When I set up the partitions I opted for encryption of my home folder, which I did not do on my rather hasty first installation and entered a complex passphrase which I immediately wrote down. Based on my experience with disk encryption on other GNU/Linux distros, I naively assumed that I would not have to enter the passphrase unless I was accessing the hard drive outside of the OS. I was wrong.

    The passphrase as it is is not possible to memorize, so I am forced to carry the passphrase with me everywhere; significantly weakening the value of encryption. My question is: can I change the passphrase without re-partitioning?

  2. #2
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,616
    Blog Entries
    3

    Default Re: HDD encryption passphrase

    Quote Originally Posted by Assiniboine View Post
    My question is: can I change the passphrase without re-partitioning?
    Yes.

    First a bit of perspective. Your partition is actually encrypted with a completely random key.

    The key that you provided was used to encrypt the random key used for the actual encryption.

    You can use:
    Code:
    cryptsetup luksAddkey ... other options
    to add an additional key. That re-encrypts the random key with a new user-provided key. You can later remove the original key, or just leave it there.

    Code:
    man cryptsetup
    will fill in the details for you.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  3. #3

    Default Re: HDD encryption passphrase

    That worked, thanks

    Quote Originally Posted by nrickert View Post
    Yes.

    First a bit of perspective. Your partition is actually encrypted with a completely random key.

    The key that you provided was used to encrypt the random key used for the actual encryption.

    You can use:
    Code:
    cryptsetup luksAddkey ... other options
    to add an additional key. That re-encrypts the random key with a new user-provided key. You can later remove the original key, or just leave it there.

    Code:
    man cryptsetup
    will fill in the details for you.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •