Rich Freeman wrote:
> On Tue, May 14, 2024 at 7:28 AM Dale <rdalek1...@gmail.com> wrote:
>> First, I needed to generate a password.
> Honestly, I'd stop right there, and think about WHY you're encrypting
> your disks, and WHY you need a password to decrypt them.  There are
> many use cases and threat models to consider.
>
> I have a whole bunch of encrypted drives on my Ceph cluster, and none
> of them have a traditional "password" and I couldn't tell you what any
> of them are.  They're keys stored in files on the OS drive, and I do
> have a backup of them as well.  I don't have to go looking up anything
> to do anything because the file is referenced in crypttab and so LUKS
> just does its thing during boot.
>
> Obviously anybody who has physical access to the host can decrypt the
> drives.  The OS disks aren't even encrypted.  So why bother? Well, my
> threat model is this - I have huge amounts of data on disks, and disks
> eventually fail, and they're a real pain to wipe, especially if
> they've failed.  With my solution, those physical disks are completely
> unreadable when separated from the OS drive.  There is no risk of
> brute-force attacks as there is no memorable passphrase to crack -
> they're just random keys, so it is a basic brute force attack on AES
> itself.  When things need rebooting I don't need to be present to type
> anything in, and I don't need any fancy TPM-based solutions to make
> that possible either.
>
> The more traditional approach uses memorable passphrases, and for that
> you can use pwgen, or xkcdpass.  Or you can just come up with
> something memorable but not likely to be guessed, with plenty of
> rounds.
>
> The most common approach (outside of Linux) is to use a TPM to manage
> the key with verified boot.  This is possible on Linux, but no distro
> I'm aware of other than maybe ChromeOS does it (and ChromeOS doesn't
> really do it the traditional way).  This lets you have a desktop that
> makes the disk unreadable when separated from the PC, and it can only
> be read if the disk is booted normally.  It is a very elegant
> solution, assuming you trust the security of the TPM, but without
> distro support I probably wouldn't mess with it.  On Windows it is
> very common, and on ChromeOS it isn't even optional - they all do it.
>


My concern, someone breaks into my home and steals my drives, and
computer too.  They get the OS and some general stuff but the stuff I
want to protect others from getting or seeing, they need the password. 
It isn't stored anywhere they can just copy and paste it either.  This
is why I didn't use files for the keys.  If the puter can boot and
decrypt the drives with no input from me, well, there's really no point
in encrypting it to begin with except as you point out in the event of a
drive failure.  As it is now, if I lock my drives or shutdown my puter
and go to town, my data is safe, from whoever may want to access it,
with or without my puter. 

There may not be many who want to go to all this trouble.  There could
be some tho.  I posted for those who would like to have this setup or to
give ideas on a setup that may even work better for their use case.
This works well for me.  I remember one password.  That's it.  With that
password I can get the passwords, random generated and long ones at
that, and open my drives up.  To anyone else, it may be doable to crack
them but they gonna work for it.  I have no idea why a person would put
in all that effort for data when they don't even know what is there.  If
it was known to be a secret formula for turning lead into gold, I could
get that.  My data, not likely. 

I suspect most don't want to use this method.  That is fine.  Not every
use case is the same and some may not concern themselves over the same
things I do.  If someone does have a need for a method like this, they
have a way to do it.  So far, it's working pretty well.  Given I have
copies of the kpcli in case one goes bad and gets deleted, I think I'm
pretty safe. 

I figure there are few who would use this but I thought it worth posting
given the time and effort I put in researching and figuring out ways to
make it work.  The Linux way is to come up with things and then share to
help others.  I've certainly had people share things with me.  :-D 

Dale

:-)  :-) 
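
The three unlock styles discussed in this thread (key file referenced in crypttab, typed passphrase, TPM-bound key) can be told apart from the third and fourth crypttab fields. The following is an added example, not part of either poster's message: the function names, volume names, UUIDs and paths are constructed, and the `tpm2-device=` option assumes systemd's crypttab format.

```shell
#!/bin/sh
# Added example: classify crypttab entries by how they unlock at boot.
# Fields per line: <name> <device> <key file> <options>

# Constructed sample; names, UUIDs and paths are placeholders.
sample_crypttab() {
    cat <<'EOF'
# name     device                    key file             options
ceph-osd0  UUID=constructed-0000-a   /etc/keys/osd0.key   luks
private    UUID=constructed-0000-b   none                 luks
desktop    UUID=constructed-0000-c   -                    tpm2-device=auto
swap       /dev/sdX2                 /dev/urandom         swap
EOF
}

# Reads crypttab text on stdin, prints "<name> <class>" for each entry.
classify_crypttab() {
    while read -r name device keyfile options; do
        case "$name" in
            ''|'#'*) continue ;;              # blank line or comment
        esac
        case "$options" in
            *tpm2-device=*)                   # systemd option (assumed init system)
                echo "$name tpm-bound"; continue ;;
        esac
        case "$keyfile" in
            ''|none|-)                        # no key file: someone must type it
                echo "$name passphrase-prompt" ;;
            /dev/urandom|/dev/random)         # fresh key each boot, data not kept
                echo "$name ephemeral-random-key" ;;
            *)                                # key stored on the OS drive
                echo "$name keyfile-unattended" ;;
        esac
    done
}

sample_crypttab | classify_crypttab
```

To check a real system, run `classify_crypttab < /etc/crypttab`; entries reported as `keyfile-unattended` can be opened by anyone who takes the OS drive along with the data drives, which is the theft case raised above.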
