* Single User (single or multiple keyslots with similar or different passphrase)
@ 2022-11-21 8:42 Lamy Geier
2022-11-21 11:06 ` Frequency of backup of headers for LUKS1 and LUKS2 Lamy Geier
2022-11-21 13:26 ` Single User (single or multiple keyslots with similar or different passphrase) Arno Wagner
0 siblings, 2 replies; 4+ messages in thread
From: Lamy Geier @ 2022-11-21 8:42 UTC (permalink / raw)
To: cryptsetup
Hello!
I am a single user and owner of the data in my laptop. I was wondering
if it is any better to have single or multiple keyslots with same or
different passphrases. I am using LUKS2 on a partition for root, home
and swap volumes (LVM). And LUKS1 for a boot partition. Please suggest
which of the following is better choice and why:
1. Should I have single passphrase and single keyslot for LUKS1 and LUKS2?
2. Multiple Keyslots for LUKS1 and LUKS2 with same passphrase.
3. Multiple Keyslots for LUKS1 and LUKS2 with different passphrase.
- My reasoning was that may be having redundant information, it helps in
times of crisis for recovery.
- Note: The data will be owned and used only by me.
--
Thanks and Regards
Lamy
^ permalink raw reply [flat|nested] 4+ messages in thread
* Frequency of backup of headers for LUKS1 and LUKS2
2022-11-21 8:42 Single User (single or multiple keyslots with similar or different passphrase) Lamy Geier
@ 2022-11-21 11:06 ` Lamy Geier
2022-11-21 13:24 ` Arno Wagner
2022-11-21 13:26 ` Single User (single or multiple keyslots with similar or different passphrase) Arno Wagner
1 sibling, 1 reply; 4+ messages in thread
From: Lamy Geier @ 2022-11-21 11:06 UTC (permalink / raw)
To: cryptsetup
Given that I won't add or remove any key from header key slot, or I
won't re-encrypt (i.e. change the master key), how often do I need to
backup the LUKS1 and LUKS2 header? Is doing the backup once enough and
making sure that the backup is not corrupted?
Are there any other situation where one needs to backup the headers of
LUKS1 and LUKS2 more often?
I was wondering if the contents of header changes in any other way, that
requires backup, if it affects restore possibility.
Thanks and Regards
Lamy
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Frequency of backup of headers for LUKS1 and LUKS2
2022-11-21 11:06 ` Frequency of backup of headers for LUKS1 and LUKS2 Lamy Geier
@ 2022-11-21 13:24 ` Arno Wagner
0 siblings, 0 replies; 4+ messages in thread
From: Arno Wagner @ 2022-11-21 13:24 UTC (permalink / raw)
To: Lamy Geier; +Cc: cryptsetup
Header backup is only needed if you change the header.
Data-area backup is another question.
Arno
On Mon, Nov 21, 2022 at 12:06:57 CET, Lamy Geier wrote:
> Given that I won't add or remove any key from header key slot, or I won't
> re-encrypt (i.e. change the master key), how often do I need to backup the
> LUKS1 and LUKS2 header? Is doing the backup once enough and making sure that
> the backup is not corrupted?
>
> Are there any other situation where one needs to backup the headers of LUKS1
> and LUKS2 more often?
>
> I was wondering if the contents of header changes in any other way, that
> requires backup, if it affects restore possibility.
>
> Thanks and Regards
>
> Lamy
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Single User (single or multiple keyslots with similar or different passphrase)
2022-11-21 8:42 Single User (single or multiple keyslots with similar or different passphrase) Lamy Geier
2022-11-21 11:06 ` Frequency of backup of headers for LUKS1 and LUKS2 Lamy Geier
@ 2022-11-21 13:26 ` Arno Wagner
1 sibling, 0 replies; 4+ messages in thread
From: Arno Wagner @ 2022-11-21 13:26 UTC (permalink / raw)
To: Lamy Geier; +Cc: cryptsetup
One Keyslot should be enough, but you should hve a header backup.
The only redundancy multiple passphrases give you is basically
multiple passphrases.
Regards,
Arno
On Mon, Nov 21, 2022 at 09:42:37 CET, Lamy Geier wrote:
> Hello!
>
> I am a single user and owner of the data in my laptop. I was wondering if it
> is any better to have single or multiple keyslots with same or different
> passphrases. I am using LUKS2 on a partition for root, home and swap volumes
> (LVM). And LUKS1 for a boot partition. Please suggest which of the following
> is better choice and why:
>
> 1. Should I have single passphrase and single keyslot for LUKS1 and LUKS2?
> 2. Multiple Keyslots for LUKS1 and LUKS2 with same passphrase.
> 3. Multiple Keyslots for LUKS1 and LUKS2 with different passphrase.
>
>
> - My reasoning was that may be having redundant information, it helps in
> times of crisis for recovery.
>
> - Note: The data will be owned and used only by me.
>
> --
> Thanks and Regards
>
> Lamy
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-11-21 13:31 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-21 8:42 Single User (single or multiple keyslots with similar or different passphrase) Lamy Geier
2022-11-21 11:06 ` Frequency of backup of headers for LUKS1 and LUKS2 Lamy Geier
2022-11-21 13:24 ` Arno Wagner
2022-11-21 13:26 ` Single User (single or multiple keyslots with similar or different passphrase) Arno Wagner
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).