[dm-crypt] Old Passphrases - are they a security threat?

Daniel Breznau daniel.breznau at gmail.com
Wed Jun 25 15:21:01 CEST 2014


After reading the FAQ, I’m still unclear on something - if someone knows an old passphrase to my LUKS encrypted partition, then could it somehow be used with the master key to decrypt the drive?

My scenario is this: I’m trying to set up a remote server with an encrypted drive by having tech support run my bash script that will set it all up and the script will have an initial passphrase in it. After that, I’ll SSH in and change the passphrase but wonder if the old one (which they potentially have laying around in the bash file) could be used to compromise the root partition. 

Granted, I know there are other vulnerabilities of this - like it being accessed while running but an encrypted drive is enough to keep out the curious and slightly more determined.


More information about the dm-crypt mailing list