PDA

View Full Version : [ubuntu] How to change cryptsetup full-disk-encryption passphrase?



peterzh
March 27th, 2009, 06:12 PM
peter@petercomp:~$ sudo cryptsetup status sda3_crypt
/dev/mapper/sda3_crypt is active:
cipher: aes-cbc-essiv:sha256
keysize: 256 bits
device: /dev/sda3
offset: 2056 sectors
size: 209983559 sectors
mode: read/write

How would I go about changing the passphrase for this device? I know the current passphrase.

Also is it possible to change the string outputted on startup? It normally says something like "Please enter the passphrase to unlock encrypted device UUID-<randomstuffhere>"?

Any help would be appreciated

hyper_ch
March 28th, 2009, 02:36 PM
changing luks passwords involves two steps:

(1) adding a new one
(2) delete the old one

You have 12 slots (or 15) which you can use for different passwords/keyfiles to unlock the partition. The rationale because you cannot change it but must add and then revmove is simple: it prevents you from accidentally deteling/altering a passphrase so that you won't lose access.

See step X of my guide here: http://www.howtoforge.com/ubuntu_dm_crypt_luks

peterzh
March 29th, 2009, 10:59 AM
Great. Thank you very much. :popcorn:

anirudh.srivathsa
June 29th, 2011, 07:23 AM
If i change the passphrase for encrypting the system, will it affect the key generated? will it affect the data present in the system?