First of all: THANKS. You've done a great job on OpenSUSE 11.2, guys. It's huge! rotfl!
The only thing that bugs me right now is the startup. The bootup screen looks pretty and just a second later, OpenSUSE asks for the LUKS passphrase in bash. A small popup really would have done the job. If the computer has an integrated/attached fingerprint reader, why couldn't LUKS just use a fingerprint as verification? Is there some way to make things look pretty again?
Overall, I'm glad my whole drive is encrypted now. Everything feels much more secure.
I know you can use a file for LUKS authentication, which means that you can have a USB “key” instead of having to enter a password.
But that means that if you lose your “key”, or accidentally leave it in your machine (which happens with real keys!), anyone can get in!
Use man cryptsetup to get all the details, but basically you create the keyfile, then change a line in /etc/crypttab to use a file instead of the command line.
I'd rather prefer to enter a password for LUKS within a popup window upon selecting the OS to boot at GRUB. Even then I don't really understand why LUKS can't be configured to use a fingerprint reader… It just looks and feels very unnatural booting like one second with the bootsplash and then suddenly hitting the bash for entering a pass. Don't like that at all.
Yes, I agree there. You could try simply “home folder encryption”, you would have to use the normal login window, but then you would have a nice GUI login.
One drawback is that you have to set the size of your home folder (which is simply an encrypted file), the other being that for your system partition (if that is also encrypted) you will still of course have to enter a CLI password.
The thing is, you aren’t actually in a GUI until the x-server loads (the splash screen is really just a picture), and for an encrypted root filesystem, it has to be decrypted before it can start the x-server - QED!
Using a USB key would give you a nice smooth login, but don’t lose it ;).
Thanks for explaining. I simply won't force the final destination of all my data by using a USB for key storage. I'm happy to have a completely encrypted drive now though.
Somehow I'm disappointed that LUKS does not prompt the user with a small little GUI for password input during startup. Hopefully that method will be changed in a future release of OpenSUSE (would be even better if that procedure would be changed with an update of 11.2).
I just wish they would add the option to cryptsetup to use a keyfile as an option on the command line, at the moment you can either have password OR keyfile.
A simple if(keyfile not found, default to password) would be nice.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
LUKS website, [cryptsetup - Project Hosting on Google Code](http://code.google.com/p/cryptsetup/)
dm-crypt TWiki, [dm-crypt wiki : HomePage](http://www.saout.de/tikiwiki/tiki-index.php)
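
The keyfile setup and the "keyfile if found, otherwise password" fallback discussed in this thread, sketched as an added example; it is not code from any poster or from the cryptsetup project. The device /dev/sdX2, the mapping name cr_root and all function names are placeholders.

```shell
#!/bin/sh
# Added example. Device, mapping name and paths are placeholders (assumptions).
CRYPTSETUP=${CRYPTSETUP:-cryptsetup}   # set to "echo" for a dry run

# Create a 4096-byte random keyfile that only its owner can read.
make_keyfile() {
    keyfile=$1
    ( umask 077
      dd if=/dev/urandom of="$keyfile" bs=512 count=8 2>/dev/null ) || return 1
    chmod 0400 "$keyfile"
}

# Add the keyfile to a free LUKS key slot. cryptsetup asks for an existing
# passphrase first, and that passphrase keeps working afterwards, so a lost
# USB stick does not lock you out (but whoever finds it can unlock the disk).
enroll_keyfile() {
    "$CRYPTSETUP" luksAddKey "$1" "$2"
}

# Print an /etc/crypttab entry: <name> <device> <keyfile|none> <options>.
# "none" in the third field means "prompt for a passphrase at boot".
crypttab_line() {
    printf '%s\t%s\t%s\t%s\n' "$1" "$2" "${3:-none}" "${4:-luks}"
}

# Open the volume with the keyfile when it is present, readable and
# non-empty; otherwise fall back to the interactive passphrase prompt.
unlock() {
    device=$1 name=$2 keyfile=$3
    if [ -n "$keyfile" ] && [ -r "$keyfile" ] && [ -s "$keyfile" ]; then
        "$CRYPTSETUP" --key-file "$keyfile" luksOpen "$device" "$name"
    else
        "$CRYPTSETUP" luksOpen "$device" "$name"
    fi
}
```

Typical use as root would be `make_keyfile`, then `enroll_keyfile`, then either the `crypttab_line` output in /etc/crypttab or a call to `unlock` from a script that runs once the USB stick is mounted.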