Linux:Luks Password Changing
============================
:author: Aaron Ball
:email: nullspoon@iohq.net


== {doctitle}

Given my most recent posts about Linux Linux:System_Encryption[system
encryption] and Linux:dm-crypt_Encrypted_Home_Directories[encrypted home
directories], I think this post is a good follow-up since account passwords
should be changed routinely.

I use http://code.google.com/p/cryptsetup/wiki/DMCrypt[dm-crypt] with a
http://code.google.com/p/cryptsetup/[LUKS header] for my work computer's
encryption. It uses my Active Directory password for the LUKS password. While
my Windows password is a very safe one, Windows NTLM
https://securityledger.com/2012/12/new-25-gpu-monster-devours-passwords-in-seconds/[is
not the most secure hashing algorithm] on the planet, but I digress.

I just changed my password at work after 3 months of use, which means I've got
to update my LUKS header with the new key and remove the old one (it still
works fine, I just want one password for my logins). Yes, this is in the man
page, but I thought I'd post this here for anyone too lazy (like myself) to
hunt through the man page. It turns out there is a change key feature of
cryptsetup.

----
cryptsetup luksChangeKey <device>
----

If you run that command, it will ask you for the old password. Type that in and
if it matches, you will be prompted to enter the new password twice. Once
that's done, there's no need to unmount and remount. The next time the volume is
remounted though, it will require the new password.
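
The rotation described above as a script, with a header backup before `luksChangeKey` and a key-slot check after it. This is an added example, not from the original post; the function names, the two arguments and the sample `luksDump` excerpt are constructed for illustration.

```shell
#!/bin/sh
# Added example: rotate a LUKS passphrase and check the key slots afterwards.

# Print the key slots in use, given `cryptsetup luksDump` output on stdin.
# Handles LUKS1 ("Key Slot 0: ENABLED") and LUKS2 ("  0: luks2" under
# "Keyslots:") layouts.
active_slots() {
    awk '
        /^Key Slot [0-9]+: ENABLED/ { sub(":", "", $3); print $3; next }
        /^[A-Za-z].*:$/             { in_ks = ($0 == "Keyslots:"); next }
        in_ks && /^[ \t]+[0-9]+: luks2/ { sub(":", "", $1); print $1 }
    '
}

# Rotate the passphrase on device $1, saving a header backup to file $2.
# Needs root; luksChangeKey and the passphrase test prompt interactively.
rotate_passphrase() {
    dev=$1 backup=$2
    # A failed key-slot write can lock the volume, so back up the header first.
    cryptsetup luksHeaderBackup "$dev" --header-backup-file "$backup" || return 1
    cryptsetup luksChangeKey "$dev" || return 1
    # Verify the new passphrase without mapping the device.
    cryptsetup luksOpen --test-passphrase "$dev" || return 1
    echo "key slots in use: $(cryptsetup luksDump "$dev" | active_slots | tr '\n' ' ')"
    # The volume key is unchanged, so the backup still opens with the OLD
    # passphrase. Keep it offline or destroy it once the new one is confirmed.
    echo "header backup with the old passphrase: $backup"
}

# Constructed luksDump excerpt (LUKS1), not taken from a real volume. With a
# free slot available, luksChangeKey fills a new slot and then wipes the old
# one, so the slot number can move (here from 0 to 1).
SAMPLE_DUMP='Version:        1
Key Slot 0: DISABLED
Key Slot 1: ENABLED
Key Slot 2: DISABLED'

printf '%s\n' "$SAMPLE_DUMP" | active_slots   # offline demo of the parser
```

Call `rotate_passphrase <device> <backup-file>` as root; more than one slot in the final report means another passphrase still unlocks the volume.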


Category:Linux
Category:Security
Category:Encryption


// vim: set syntax=asciidoc: