[SATLUG] LUKS encrypting logical volumes on Debian Lenny Server

Daniel J. Givens daniel at rugmonster.org
Thu May 1 08:55:59 CDT 2008


Chris Lemire wrote:
> I didn't know I could use keys instead of the encryption paraphrase. Can I have it read keys over a network from another computer?

No. The point of the USB key is that it's a physical token. When 
combined with the use of a passphrase, you can leverage the "something 
you have/something you know" for an additional layer of security. 
Conceivably, provided you didn't need the encrypted volume immediately 
at boot, you could put your key file on a network volume and mount that 
prior to mounting the encrypted volume.

> No, I just do this because I can like all the other stuff I do for Linux. It's fun to me. Who knows why?

Okay! I completely understand! I just wanted to make sure I pointed that 
out in case you were hoping to use that setup with the assumption that 
you were going to get an additional layer of security.

Cheers,
Daniel


More information about the SATLUG mailing list