LUKS Password bothers me.

First of all: THANKS. You´ve done a great job on OpenSUSE 11.2, guys. It´s huge! rotfl!

The only thing that buggs me right now is the startup. The bootup screen looks pretty and just a second later, OpenSUSE asks for the LUKS passphrase in bash. A small popup really would have done the job. If the Computer has an integrated/attached fingerprint reader, why couldn´t LUKS just use a fingerprint as verification? Is there some way to make things look pretty again?

Overall, I´m glad my whole drive is encrypted now. Everything feels much more secure.

Is anyone able to answer the questions mentioned above?

I know you can use a file for LUKS authentication, which means that you can have a USB “key” instead of having to enter a password.

But, that means that is you lose your “key”, or accidentally leave it in your machine (which happens with real keys!), anyone can get in!

Use man cryptsetup to get all the details, but basically you create the keyfile, then change a line in /etc/crypttab to use a file instead of the command line.

I haven’t tried it yet but it should work.

I´d rather prefer to enter a password for LUKS within a popup window upon selecting the OS to boot at GRUB. Even then I don´t really understand why LUKS can´t be configured to use a fingerprint reader… It just looks and feels very unnatural booting like one second with the bootsplash and then suddenly hitting the bash for entering a pass. Don´t like that at all. :frowning:

Yes, I agree there. You could try simply “home folder encryption”, you would have to use the normal login window, but then you would have a nice GUI login.

One drawback is that you have to set the size of your home folder (which is simply an encrypted file), the other being that for your system partition (if that is also encrypted) you will stiil of course have to enter a CLI password.

The thing is, you aren’t actually in a GUI until the x-server loads (the splash screen is really just a picture), and for an encrypted root filesystem, it has to be decrypted before it can start the x-server - QED!

Using a USB key would give you a nice smooth login, but don’t lose it ;).

Thanks for explaining. I simply won´t force the final destination of all my data by using a USB for key storage. I´m happy to have a completely encrypted drive now though.

Somehow I´m disappointed that LUKS does not prompt the user with a small little GUI for password input during startup. Hopefully that method will be changed in a future release of OpenSUSE (would be even better if that procedure would be changed with an update of 11.2).

I just wish they would add the option to cryptsetup to use a keyfile as an option on the command line, at the moment you can either have password OR keyfile.

A simple if(keyfile not found, default to password) would be nice.

Maybe give the maintainers a request?

Good idea. To whom exactly and what to say?

Report bugs to <>.

Copyright © 2004 Christophe Saout
Copyright © 2004-2006 Clemens Fruhwirth

   This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FIT-

dm-crypt website, dm-crypt - a device-mapper crypto target

   LUKS website, [cryptsetup - Project Hosting on Google Code](

   dm-crypt TWiki, [dm-crypt wiki : HomePage](


Yeah, right. I’d send a request if I knew exactly whom to send the email to. :wink:

Whoa, read your post again, growbag, and found it. A friendly request with both of our opinions has been detached to Stay tuned.

lol, well done :wink:

Asking him about who might be the right person to talk to revealed this:

Looks like he is a huge fan of OpenSUSE… :wink: Suggestions to further proceedings are welcome though.

All feature request are best taken to openFATE, be sure to check first if someone else has already opened a similar request.