From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.infodat.com.ar (unknown [190.210.75.125]) by mail.server123.net (Postfix) with SMTP for ; Wed, 30 Mar 2016 15:22:39 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by mail.infodat.com.ar (Postfix) with ESMTP id 54A3941393E3 for ; Wed, 30 Mar 2016 10:18:55 -0300 (ART) Received: from mail.infodat.com.ar ([127.0.0.1]) by localhost (mail.infodat.com.ar [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id MXnyL8UOEn2U for ; Wed, 30 Mar 2016 10:18:54 -0300 (ART) Received: from localhost (localhost [127.0.0.1]) by mail.infodat.com.ar (Postfix) with ESMTP id 8378441393E0 for ; Wed, 30 Mar 2016 10:18:54 -0300 (ART) Received: from mail.infodat.com.ar ([127.0.0.1]) by localhost (mail.infodat.com.ar [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id kBC462HCwxvs for ; Wed, 30 Mar 2016 10:18:54 -0300 (ART) Received: from mail.infodat.com.ar (mail.kaos.local [172.31.18.10]) by mail.infodat.com.ar (Postfix) with ESMTP id 6F9E941393E3 for ; Wed, 30 Mar 2016 10:18:54 -0300 (ART) Date: Wed, 30 Mar 2016 10:18:54 -0300 (ART) From: "Fernando D. Pedemonte" Message-ID: <1118698616.11095.1459343934401.JavaMail.zimbra@infodat.com.ar> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_11094_1879360244.1459343934401" Subject: [dm-crypt] Quorum system on decryption passphrase List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de ------=_Part_11094_1879360244.1459343934401 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Dear List I am trying to setup an encrypted partition, and I requiere 2 people of 3 putting a pass-phrase to unlock the device. Is there any way that I can setup in the system to require keys in two different slots to unlock the device? Thanks in advance for your response Best Regards FP- ------=_Part_11094_1879360244.1459343934401 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit

Dear List

I am trying to setup an encrypted partition, and I requiere 2 people of 3 putting a pass-phrase to unlock the device.

Is there any way that I can setup in the system to require keys in two different slots to unlock the device?

Thanks in advance for your response

Best Regards

FP-

------=_Part_11094_1879360244.1459343934401-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mps1.wohnheimg.uni-frankfurt.de (mps1.wohnheimg.uni-frankfurt.de [141.2.118.239]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Wed, 30 Mar 2016 17:02:37 +0200 (CEST) Received: from p4fcee6f2.dip0.t-ipconnect.de ([79.206.230.242] helo=[192.168.0.11]) (Authed sender Sven 'DarKRaveR' Eschenberg) by mps1.wohnheimg.uni-frankfurt.de via ESMTPSA (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim) (envelope-from ) id 1alHdk-0001pq-Td for dm-crypt@saout.de; Wed, 30 Mar 2016 17:02:37 +0200 References: <1118698616.11095.1459343934401.JavaMail.zimbra@infodat.com.ar> From: Sven Eschenberg Message-ID: <56FBEA8D.8080806@whgl.uni-frankfurt.de> Date: Wed, 30 Mar 2016 17:02:37 +0200 MIME-Version: 1.0 In-Reply-To: <1118698616.11095.1459343934401.JavaMail.zimbra@infodat.com.ar> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Quorum system on decryption passphrase List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de Hi Fernando, I am not sure about what you are asking. Do you mean that a (single) person needs to enter 2 (different) passphrases for 2 (different) slots, to unlock the device? If so, the answer is no, as each keyslot, when it is unlocked, gives you the device encryption key. If you are asking if you can give 2 different passphrases to two people, where each phrase unlocks one of the slots - yes, that is the very purpose of LUKS. Reagrds -Sven P.S.: You might want to clarify your question a little more, if you are asking something else. Am 30.03.2016 um 15:18 schrieb Fernando D. Pedemonte: > Dear List > > I am trying to setup an encrypted partition, and I requiere 2 people of > 3 putting a pass-phrase to unlock the device. > Is there any way that I can setup in the system to require keys in two > different slots to unlock the device? > > Thanks in advance for your response > Best Regards > FP- > > > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt > From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from perdizione.investici.org (perdizione.investici.org [94.23.50.208]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Wed, 30 Mar 2016 17:13:18 +0200 (CEST) Received: from [94.23.50.208] (perdizione [94.23.50.208]) (Authenticated sender: fulanoperez@cryptolab.net) by localhost (Postfix) with ESMTPSA id E476E1204A1 for ; Wed, 30 Mar 2016 14:56:34 +0000 (UTC) References: <1118698616.11095.1459343934401.JavaMail.zimbra@infodat.com.ar> From: Fulano Diego Perez Message-ID: <56FBE8A3.40009@cryptolab.net> Date: Thu, 31 Mar 2016 01:54:27 +1100 MIME-Version: 1.0 In-Reply-To: <1118698616.11095.1459343934401.JavaMail.zimbra@infodat.com.ar> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Quorum system on decryption passphrase List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de you wrote: > and I requiere 2 people of 3 putting a pass-phrase to unlock the device. Three may keep a secret, if two of them are dead. - Benjamin Franklin, 1735 ;-) From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mps1.wohnheimg.uni-frankfurt.de (mps1.wohnheimg.uni-frankfurt.de [141.2.118.239]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Wed, 30 Mar 2016 17:33:25 +0200 (CEST) Received: from p4fcee6f2.dip0.t-ipconnect.de ([79.206.230.242] helo=[192.168.0.11]) (Authed sender Sven 'DarKRaveR' Eschenberg) by mps1.wohnheimg.uni-frankfurt.de via ESMTPSA (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim) (envelope-from ) id 1alI7Y-0002xb-MI for dm-crypt@saout.de; Wed, 30 Mar 2016 17:33:25 +0200 References: <1118698616.11095.1459343934401.JavaMail.zimbra@infodat.com.ar> <56FBE8A3.40009@cryptolab.net> From: Sven Eschenberg Message-ID: <56FBF1C5.4010804@whgl.uni-frankfurt.de> Date: Wed, 30 Mar 2016 17:33:25 +0200 MIME-Version: 1.0 In-Reply-To: <56FBE8A3.40009@cryptolab.net> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Quorum system on decryption passphrase List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de Hi Fernando, No, dm-crypt/LUKS does not provide for such a modus operandi. BTW, there's even a difference between, you need exactly 2 out of n, or at least 2 out of n. (The latter being the two-man-rule). Anyhow, this is out of LUKS' scope - you can however split the passphrase and distribute it among the 3 people such that your requirements are met. Regards -Sven Am 30.03.2016 um 16:54 schrieb Fulano Diego Perez: > > > you wrote: >> and I requiere 2 people of 3 putting a pass-phrase to unlock the device. > > Three may keep a secret, if two of them are dead. > - Benjamin Franklin, 1735 > > ;-) > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt > From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm0-x236.google.com (mail-wm0-x236.google.com [IPv6:2a00:1450:400c:c09::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Wed, 30 Mar 2016 18:27:58 +0200 (CEST) Received: by mail-wm0-x236.google.com with SMTP id p65so190576526wmp.1 for ; Wed, 30 Mar 2016 09:27:58 -0700 (PDT) References: <1118698616.11095.1459343934401.JavaMail.zimbra@infodat.com.ar> From: Milan Broz Message-ID: <56FBFE8B.3000807@gmail.com> Date: Wed, 30 Mar 2016 18:27:55 +0200 MIME-Version: 1.0 In-Reply-To: <1118698616.11095.1459343934401.JavaMail.zimbra@infodat.com.ar> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Quorum system on decryption passphrase List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "Fernando D. Pedemonte" , dm-crypt@saout.de On 03/30/2016 03:18 PM, Fernando D. Pedemonte wrote: > Dear List > > I am trying to setup an encrypted partition, and I requiere 2 people of 3 putting a pass-phrase to unlock the device. > Is there any way that I can setup in the system to require keys in two different slots to unlock the device? If you mean something like Shamir's secret sharing (you need N of M parts to unlock the key), LUKS doesn't provide this directly, but Clevis/Tang project is going this way (in development). See end of slides from DevConf - http://slides.com/npmccallum/devconf16#/35 (Not usable yet but good to know about it :-) Milan From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from nekare.kjorling.se (nekare.kjorling.se [89.221.249.175]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Wed, 30 Mar 2016 19:10:03 +0200 (CEST) Received: from yeono.kjorling.se (h-9-65.a328.priv.bahnhof.se [46.59.9.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "yeono", Issuer "yeono" (not verified)) by nekare.kjorling.se (Postfix) with ESMTPS id D0249114096 for ; Wed, 30 Mar 2016 17:09:54 +0000 (UTC) Received: from yeono.kjorling.se (localhost [127.0.0.1]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) by yeono (Postfix) with ESMTPS id 7C4B41837 for ; Wed, 30 Mar 2016 19:09:54 +0200 (CEST) Date: Wed, 30 Mar 2016 17:09:52 +0000 From: Michael =?utf-8?B?S2rDtnJsaW5n?= Message-ID: <20160330170952.GX16068@yeono.kjorling.se> References: <1118698616.11095.1459343934401.JavaMail.zimbra@infodat.com.ar> <56FBFE8B.3000807@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <56FBFE8B.3000807@gmail.com> Subject: Re: [dm-crypt] Quorum system on decryption passphrase List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On 30 Mar 2016 18:27 +0200, from gmazyland@gmail.com (Milan Broz): > If you mean something like Shamir's secret sharing (you need N of M > parts to unlock the key), > LUKS doesn't provide this directly, but Clevis/Tang project is going > this way (in development). Shamir's was my first thought too. While LUKS doesn't provide this natively (any one passphrase is sufficient to unlock the container), what you want can probably be cobbled together using a passphrase file which is split using Shamir's secret sharing. For example, you could generate a random passphrase of sufficient entropy to be secure, and for storage split that into three parts two of which are required (using regular Shamir's secret sharing). This should be as secure as 2 out of 3 Shamir's secret sharing can be. To unlock the container, two of the three individuals get together, somehow present their respective pieces, and some software combines them to form the passphrase that is used to unlock the container. To make it more difficult to access the passphrase while unlocking the container, you might run it all on a ramfs from within an initrd or similar. It should work. Whether it will be secure enough depends on your threat model. Obviously. -- Michael Kjörling • https://michael.kjorling.se • michael@kjorling.se “People who think they know everything really annoy those of us who know we don’t.” (Bjarne Stroustrup) From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-vk0-x22e.google.com (mail-vk0-x22e.google.com [IPv6:2607:f8b0:400c:c05::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Wed, 30 Mar 2016 19:14:55 +0200 (CEST) Received: by mail-vk0-x22e.google.com with SMTP id z68so69834124vkg.3 for ; Wed, 30 Mar 2016 10:14:54 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: <1118698616.11095.1459343934401.JavaMail.zimbra@infodat.com.ar> References: <1118698616.11095.1459343934401.JavaMail.zimbra@infodat.com.ar> Date: Wed, 30 Mar 2016 13:14:53 -0400 Message-ID: From: Selim James Levy Content-Type: multipart/alternative; boundary=001a113cc51cc1428f052f474827 Subject: Re: [dm-crypt] Quorum system on decryption passphrase List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "Fernando D. Pedemonte" Cc: "dm-crypt@saout.de" --001a113cc51cc1428f052f474827 Content-Type: text/plain; charset=UTF-8 Hi Fernando, There could be an ugly-ish hack to accomplish what you need. It isn't scalable to a (much) larger number of people, however. Let the 3 people's names be be A, B, and C (in that alphabetical order) and their respective passphrases be A*, B*, and C*. You could tell the three people that if 2 of the three wanted access, they would type in their passphrases *one after the other* in the person's (name) alphabetical order. You would then only need 3 passphrases: A*B*, A*C*, and B*C*. As I said: this is an ugly hack. Best Regards, Selim On 30 March 2016 at 09:18, Fernando D. Pedemonte < fernando.pedemonte@infodat.com.ar> wrote: > Dear List > > I am trying to setup an encrypted partition, and I requiere 2 people of 3 > putting a pass-phrase to unlock the device. > Is there any way that I can setup in the system to require keys in two > different slots to unlock the device? > > Thanks in advance for your response > Best Regards > FP- > > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt > > --001a113cc51cc1428f052f474827 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Hi Fernando,

There could be an ugly-ish= hack to accomplish what you need.=C2=A0 It isn't scalable to a (much) = larger number of people, however.

Let the 3 people= 's names be be A, B, and C (in that alphabetical order) and their respe= ctive passphrases be A*, B*, and C*.

You could tel= l the three people that if 2 of the three wanted access, they would type in= their passphrases *one after the other* in the person's (name) alphabe= tical order.=C2=A0 You would then only need 3 passphrases: A*B*, A*C*, and = B*C*.

As I said: this is an ugly hack.

<= br>

Best Regards,

Selim

On 30 March 2016 at 09:18, Fernando D= . Pedemonte <fernando.pedemonte@infodat.com.ar> wrote:

Dear List

I am trying to setup an encrypted partition, and I r= equiere 2 people of 3 putting=C2=A0a pass-phrase to unlock the device.
Is there any way that I can setup in the system to require keys in tw= o different slots to unlock the device?

Thanks in = advance for your response
Best Regards
FP-

_____= __________________________________________
dm-crypt mailing list
dm-crypt@saout.de
http://www.saout.de/mailman/listinfo/dm-crypt

--001a113cc51cc1428f052f474827-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from v6.tansi.org (mail.tansi.org [87.118.116.4]) by mail.server123.net (Postfix) with ESMTP for ; Wed, 30 Mar 2016 20:08:09 +0200 (CEST) Received: from gatewagner.dyndns.org (77-57-36-72.dclient.hispeed.ch [77.57.36.72]) by v6.tansi.org (Postfix) with ESMTPA id 7444520DC13E for ; Wed, 30 Mar 2016 20:08:08 +0200 (CEST) Date: Wed, 30 Mar 2016 20:08:08 +0200 From: Arno Wagner Message-ID: <20160330180807.GA25081@tansi.org> References: <1118698616.11095.1459343934401.JavaMail.zimbra@infodat.com.ar> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1118698616.11095.1459343934401.JavaMail.zimbra@infodat.com.ar> Subject: Re: [dm-crypt] Quorum system on decryption passphrase List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de Hi FP, no, you cannot. You can simulate it though: Say the persons have passphases aaa bbb and ccc. set-up passphrases aaabbb aaaccc and bbbccc and have a wrapper-script that concatenates the two inputs from the persons and hands it to cryptsetup. (Or use libcruptsetup and a C program.) Regards, Arno On Wed, Mar 30, 2016 at 15:18:54 CEST, Fernando D. Pedemonte wrote: > Dear List > I am trying to setup an encrypted partition, and I requiere 2 people of > 3 putting a pass-phrase to unlock the device. > Is there any way that I can setup in the system to require keys in two > different slots to unlock the device? > Thanks in advance for your response > Best Regards > FP- > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.infodat.com.ar (unknown [190.210.75.125]) by mail.server123.net (Postfix) with SMTP for ; Wed, 30 Mar 2016 21:30:52 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by mail.infodat.com.ar (Postfix) with ESMTP id 10796411E973 for ; Wed, 30 Mar 2016 16:32:45 -0300 (ART) Received: from mail.infodat.com.ar ([127.0.0.1]) by localhost (mail.infodat.com.ar [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id OUuxlk8LTfoS for ; Wed, 30 Mar 2016 16:32:42 -0300 (ART) Received: from localhost (localhost [127.0.0.1]) by mail.infodat.com.ar (Postfix) with ESMTP id 5C88B411CCD9 for ; Wed, 30 Mar 2016 16:32:42 -0300 (ART) Received: from mail.infodat.com.ar ([127.0.0.1]) by localhost (mail.infodat.com.ar [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id BRuFESXyEdiD for ; Wed, 30 Mar 2016 16:32:42 -0300 (ART) Received: from mail.infodat.com.ar (mail.kaos.local [172.31.18.10]) by mail.infodat.com.ar (Postfix) with ESMTP id 3C096411E973 for ; Wed, 30 Mar 2016 16:32:42 -0300 (ART) Date: Wed, 30 Mar 2016 16:32:41 -0300 (ART) From: "Fernando D. Pedemonte" Message-ID: <1879743151.61.1459366361725.JavaMail.zimbra@infodat.com.ar> In-Reply-To: References: <1118698616.11095.1459343934401.JavaMail.zimbra@infodat.com.ar> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_60_43610706.1459366361724" Subject: Re: [dm-crypt] Quorum system on decryption passphrase List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt ------=_Part_60_43610706.1459366361724 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Thanks for your quick responses, I was thinking in a solution like this one. But I wanted to check with the experts before doing it hehe. Since i only need 2 of 3 quorum, I will adopt this hack Best Regards FP- From: "Selim James Levy" To: "Fernando D. Pedemonte" Cc: "dm-crypt" Sent: Wednesday, March 30, 2016 2:14:53 PM Subject: Re: [dm-crypt] Quorum system on decryption passphrase Hi Fernando, There could be an ugly-ish hack to accomplish what you need. It isn't scalable to a (much) larger number of people, however. Let the 3 people's names be be A, B, and C (in that alphabetical order) and their respective passphrases be A*, B*, and C*. You could tell the three people that if 2 of the three wanted access, they would type in their passphrases *one after the other* in the person's (name) alphabetical order. You would then only need 3 passphrases: A*B*, A*C*, and B*C*. As I said: this is an ugly hack. Best Regards, Selim On 30 March 2016 at 09:18, Fernando D. Pedemonte < fernando.pedemonte@infodat.com.ar > wrote: Dear List I am trying to setup an encrypted partition, and I requiere 2 people of 3 putting a pass-phrase to unlock the device. Is there any way that I can setup in the system to require keys in two different slots to unlock the device? Thanks in advance for your response Best Regards FP- _______________________________________________ dm-crypt mailing list dm-crypt@saout.de http://www.saout.de/mailman/listinfo/dm-crypt ------=_Part_60_43610706.1459366361724 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable

Thanks for your quick responses, I was thin= king in a solution like this one. But I wanted to check with the experts be= fore doing it hehe.

Since i only need 2 of 3 quorum, I will = adopt this hack

Best Rega= rds

FP-

From: "Selim James Levy= " <sjtlevy@gmail.com>
To: "Fernando D. Pedemonte" <ferna= ndo.pedemonte@infodat.com.ar>
Cc: "dm-crypt" <dm-crypt@saou= t.de>
Sent: Wednesday, March 30, 2016 2:14:53 PM
Subject= : Re: [dm-crypt] Quorum system on decryption passphrase

<= br>

Hi Fernando,=

There could be an ugly-ish hack to accomplish what you need. = It isn't scalable to a (much) larger number of people, however.

<= div>Let the 3 people's names be be A, B, and C (in that alphabetical order)= and their respective passphrases be A*, B*, and C*.

You coul= d tell the three people that if 2 of the three wanted access, they would ty= pe in their passphrases *one after the other* in the person's (name) alphab= etical order. You would then only need 3 passphrases: A*B*, A*C*, and= B*C*.

As I said: this is an ugly hack.

Best Re= gards,

Selim

On 30 March 2016 at 09:18, Fernando D. Pedemonte <fernand= o.pedemonte@infodat.com.ar> wrote:

Dear Li= st

I am trying to setup an encrypted partition, and I requier= e 2 people of 3 putting a pass-phrase to unlock the device.
= Is there any way that I can setup in the system to require keys in two diff= erent slots to unlock the device?

Thanks in advance for your = response
Best Regards
FP-

________= _______________________________________
dm-crypt mailing list
dm-crypt@saout.de
http://www.saout.de/ma= ilman/listinfo/dm-crypt

------=_Part_60_43610706.1459366361724--