From: Robert Nichols
Date: Thu, 27 Oct 2016 08:46:22 -0500
Subject: Re: [dm-crypt] pashphrase management question
To: dm-crypt@saout.de
References: <20161027075535.GA4754@tansi.org> <8329bd27-e70a-99d8-5612-9277a5a4806b@whgl.uni-frankfurt.de>
In-Reply-To: <8329bd27-e70a-99d8-5612-9277a5a4806b@whgl.uni-frankfurt.de>

On 10/27/2016 05:24 AM, Sven Eschenberg wrote:
>
>
> On 27.10.2016 at 09:55, Arno Wagner wrote:
>> Regular passphrase changes on storage-encryption make
>> absolutely no sense and give you absolutely no
>> protection benefit (unless you have told somebody
>> that should not know, in which case you need to change
>> them immediately).
>
> I might be wrong, but changing the passphrase could make sense if (and only if) you switch the
> actual encryption key along with it by reencrypting the whole device. Aside from that, changing
> passphrases seems a little pointless.

You are correct, but cryptsetup-reencrypt is a lengthy process, during which the slightest glitch can cause you to lose everything. It's not the sort of thing you want to be doing routinely.

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                Do NOT delete it.
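
The distinction discussed in this thread, as an added example that is not part of the original message and is not cryptsetup code: a toy keyslot model in which a passphrase change only re-wraps the same volume key, while re-encryption replaces the key itself. The XOR wrapping, PBKDF2 parameters, function names and passphrases are assumptions made for illustration, not the LUKS on-disk format.

```python
import hashlib
import hmac
import os

def _kek(passphrase, salt):
    # Key-encryption key derived from the passphrase (toy parameters).
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 10_000, dklen=32)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wrap(volume_key, passphrase):
    """Build a toy keyslot: the volume key wrapped under the passphrase."""
    salt = os.urandom(16)
    kek = _kek(passphrase, salt)
    wrapped = _xor(volume_key, kek)
    return {"salt": salt, "wrapped": wrapped,
            "tag": hmac.new(kek, wrapped, "sha256").digest()}

def unwrap(slot, passphrase):
    """Return the volume key, or None if the passphrase is wrong."""
    kek = _kek(passphrase, slot["salt"])
    tag = hmac.new(kek, slot["wrapped"], "sha256").digest()
    if not hmac.compare_digest(tag, slot["tag"]):
        return None
    return _xor(slot["wrapped"], kek)

def change_passphrase(slot, old, new):
    """Passphrase change: same volume key, new wrapping. Data is untouched."""
    volume_key = unwrap(slot, old)
    if volume_key is None:
        raise ValueError("wrong passphrase")
    return wrap(volume_key, new)

def reencrypt(slot, passphrase):
    """Re-encryption: fresh volume key (all data must be rewritten under it)."""
    if unwrap(slot, passphrase) is None:
        raise ValueError("wrong passphrase")
    return wrap(os.urandom(32), passphrase)

def demo():
    original = wrap(os.urandom(32), "old-pass")    # constructed sample values
    header_copy = dict(original)                   # header copy taken before the change
    exposed_key = unwrap(header_copy, "old-pass")  # key the old passphrase yields
    changed = change_passphrase(original, "old-pass", "new-pass")
    rekeyed = reencrypt(changed, "new-pass")
    return {
        "old_pass_opens_current_slot": unwrap(changed, "old-pass") is not None,
        "exposed_key_valid_after_change": unwrap(changed, "new-pass") == exposed_key,
        "exposed_key_valid_after_reencrypt": unwrap(rekeyed, "new-pass") == exposed_key,
    }
```

The old passphrase no longer opens the current slot, yet the volume key it once protected still matches the one in use until the device is re-encrypted.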