See the quoted paragraph, below, quoted from the [[https://wiki.debian.org/LVM#Encrypted_LVM][LVM#Encrypted_LVM]] wiki.
It seems to me that the idea of creating and saving backup passwords is something of a red herring (to borrow a "Briticism"). The way I see it: * if, in the future: "somehow you<sic> first password is no longer working" -- I'm guessing that whatever that "somehow" is, it is likely to affect all the passwords (all of which are stored in the LUKS header) * or if: "you simply forget your password" -- it seems unlikely that you'll forget the "normal" password (the one you most often use) but remember a backup password (although maybe you'd use something really easy to remember (for you), and hope that because you don't normally use it, it is less exposed and less likely to be captured somehow) * or if: "something unexpected happens such as a bug after a kernel update and somehow the password is no longer working" -- it seems likely to me that if a kernel bug makes one password no longer work, it would be likely that none of the passwords not to work (although I think I can think of exceptions, e.g., your password contains a special symbol, but a kernel bug (or bug somewhere) prevents entry of that special symbol My point is this: I think creating and saving backup passwords is of minimal value. Far more important (but not mentioned) is making and keeping backup copies of your encrypted data (possibly not encrypted but stored in a bank vault ;-), yet that is not mentioned. I am capable (or think I'm capable ;-) of revising the wiki to add a statement to the effect that, more important than storing backup passwords is storing backups of the actual data. I just wanted to provoke some discussion before making such a revision. (I might even downplay the emphasis on creating and storing backup passwords.) <quote> Note: The password(s) of a encrypted LVM volume are stored inside its Linux Unified Key Setup (LUKS) header(s). Creating backup passwords is important because if in the future somehow you first password is no longer working, or you simply forget your password, or you do remember your password but something unexpected happens such as a bug after a kernel update and somehow the password is no longer working, then without backup password(s) you risk to permanently lose all your valuable data stored into that encrypted LVM storage. </quote>