[dm-crypt] Basics

Heinz Diehl htd+ml at fritha.org
Sun Sep 27 20:55:54 CEST 2015

On 27.09.2015, Mike Nagie wrote: 

> As we just have concluded that a Diceware passphrase is much more 
> secure, then I'd like to ask you: should I need more than one LUKS key? 

What's your thread model, actually? Whom do you want to protect your
data from?

> The original idea was, creating an encrypted partition for the /home 
> then I'm going to set a very strong master passphrase (I assume that 
> slot 0 is the master) after that I add another LUKS key which is the 
> same password as my account's.

That would reduce your password strength to the strength of the
weakest of these two.

> Does more than one LUKS key reduce the security?

A chain is only as strong as its weakest link. This law applies
perfectly also to this particular scenario.

> Does it matter if I have a really strong passphrase and a not that strong second phrase? 

Think about it. It's quite obvious.

More information about the dm-crypt mailing list