On Tue, May 14, 2024 at 7:28 AM Dale <rdalek1...@gmail.com> wrote:
>
> First, I needed to generate a password.

Honestly, I'd stop right there, and think about WHY you're encrypting
your disks, and WHY you need a password to decrypt them.  There are
many use cases and threat models to consider.

I have a whole bunch of encrypted drives on my Ceph cluster, and none
of them have a traditional "password" and I couldn't tell you what any
of them are.  They're keys stored in files on the OS drive, and I do
have a backup of them as well.  I don't have to go looking up anything
to do anything because the file is referenced in crypttab and so LUKS
just does its thing during boot.

Obviously anybody who has physical access to the host can decrypt the
drives.  The OS disks aren't even encrypted.  So why bother? Well, my
threat model is this - I have huge amounts of data on disks, and disks
eventually fail, and they're a real pain to wipe, especially if
they've failed.  With my solution, those physical disks are completely
unreadable when separated from the OS drive.  There is no risk of
brute-force attacks as there is no memorable passphrase to crack -
they're just random keys, so it is a basic brute force attack on AES
itself.  When things need rebooting I don't need to be present to type
anything in, and I don't need any fancy TPM-based solutions to make
that possible either.

The more traditional approach uses memorable passphrases, and for that
you can use pwgen, or xkcdpass.  Or you can just come up with
something memorable but not likely to be guessed, with plenty of
rounds.

The most common approach (outside of Linux) is to use a TPM to manage
the key with verified boot.  This is possible on Linux, but no distro
I'm aware of other than maybe ChromeOS does it (and ChromeOS doesn't
really do it the traditional way).  This lets you have a desktop that
makes the disk unreadable when separated from the PC, and it can only
be read if the disk is booted normally.  It is a very elegant
solution, assuming you trust the security of the TPM, but without
distro support I probably wouldn't mess with it.  On Windows it is
very common, and on ChromeOS it isn't even optional - they all do it.

-- 
Rich
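
An added example, not part of the original message: a small Python check for the keyfile-in-crypttab setup described above, which parses crypttab-style entries and flags key files that are missing, readable by group or other, or shorter than 32 bytes. The sample entries, the `/etc/keys` paths, the `root` parameter and the 32-byte threshold are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Constructed sample; volume names, UUIDs and key paths are made up.
SAMPLE_CRYPTTAB = """\
osd0  UUID=00000000-0000-0000-0000-000000000001  /etc/keys/osd0.key  luks
osd1  UUID=00000000-0000-0000-0000-000000000002  /etc/keys/osd1.key  luks
home  UUID=00000000-0000-0000-0000-000000000003  none                luks
"""

def parse_crypttab(text):
    """Yield (name, device, keyfile) for each non-comment crypttab line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        yield fields[0], fields[1], fields[2] if len(fields) > 2 else "none"

def audit_entry(name, keyfile, root="/"):
    """Return findings about one entry's key material (empty list = clean)."""
    if keyfile in ("none", "-"):
        return [f"{name}: no key file, a passphrase is expected at boot"]
    path = os.path.join(root, keyfile.lstrip("/"))
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [f"{name}: key file {keyfile} is missing"]
    findings = []
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{name}: key file {keyfile} readable by group/other")
    if st.st_size < 32:  # assumed floor: 256 bits of random key material
        findings.append(f"{name}: key file {keyfile} is under 32 bytes")
    return findings

def demo():
    """Build a throwaway root with two key files and audit the sample."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc/keys"))
        for fname, mode in (("osd0.key", 0o400), ("osd1.key", 0o644)):
            path = os.path.join(root, "etc/keys", fname)
            with open(path, "wb") as fh:
                fh.write(os.urandom(64))
            os.chmod(path, mode)
        return [f for name, _dev, keyfile in parse_crypttab(SAMPLE_CRYPTTAB)
                for f in audit_entry(name, keyfile, root)]

if __name__ == "__main__":
    print("\n".join(demo()))
```

On a real host, read `/etc/crypttab` and call `audit_entry` with the default `root="/"`.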
