1 files changed, 43 insertions, 0 deletions

diff --git a/src/Linux:Luks_Password_Changing.adoc b/src/Linux:Luks_Password_Changing.adoc
new file mode 100644
index 0000000..96e3790
--- /dev/null
+++ b/src/Linux:Luks_Password_Changing.adoc
@@ -0,0 +1,43 @@
+Linux:Luks Password Changing
+============================
+:author: Aaron Ball
+:email: nullspoon@iohq.net
+
+
+== {doctitle}
+
+Given my most recent posts about Linux Linux:System_Encryption[system
+encryption] and Linux:dm-crypt_Encrypted_Home_Directories[encrypted home
+directories], I think this post is a good followup since account passwords
+should be changed routinely.
+
+I use http://code.google.com/p/cryptsetup/wiki/DMCrypt[dm-crypt] with a
+http://code.google.com/p/cryptsetup/[LUKS header] for my work computer's
+encryption. It uses my Active Directory password for the luks password.  While
+my Windows password is a very safe one, Windows NTLM
+https://securityledger.com/2012/12/new-25-gpu-monster-devours-passwords-in-seconds/[is
+not the most secure hashing algorithm] on the planet, but I digress.
+
+I just changed my password at work after 3 months of use, which means I've got
+to update my LUKS header with the new key and remove the old one (it still
+works fine, I just want one password for my logins). Yes, this is in the man
+page, but I thought I'd post this here for anyone too lazy (like myself) to
+hunt through the man page. It turns out there is a change key feature of
+cryptsetup.
+
+----
+luksChangeKey <device>
+----
+
+If you run that command, it will ask you for the old password. Type that in and
+if it matches, you will be prompted to enter the new password twice. Once
+that's done, there's no need to umount and remount. The next time the volume is
+remounted though, it will require the new password.
+
+
+Category:Linux
+Category:Security
+Category:Encryption
+
+
+// vim: set syntax=asciidoc: