On 10/27/2016 05:24 AM, Sven Eschenberg wrote:
Am 27.10.2016 um 09:55 schrieb Arno Wagner:
Regular passphrase changes on storage-encryption make
absolutely no sense and gives you absolutely no
protection benefit (unless you have told somebody
that should not know, in which case you need to change
them immediately).
I might be wrong, but changing the passphrase could make sense if (and only if) you switch the
actual encryption key along with it by reencrypting the whole device. Aside from that changing
passphrases seems a little pointless.
You are correct, but cryptsetup-reencrypt is a lengthy process,
during which the slightest glitch can cause you to lose everything.
It's not the sort of thing you want to be doing routinely.
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
