Linux:Luks Password Changing

Given my most recent posts about Linux system encryption and encrypted home directories, I think this post is a good follow-up since account passwords should be changed routinely.

I use dm-crypt with a LUKS header for my work computer’s encryption. It uses my Active Directory password for the LUKS password. While my Windows password is a very safe one, Windows NTLM is not the most secure hashing algorithm on the planet, but I digress.

I just changed my password at work after 3 months of use, which means I’ve got to update my LUKS header with the new key and remove the old one (it still works fine, I just want one password for my logins). Yes, this is in the man page, but I thought I’d post this here for anyone too lazy (like myself) to hunt through the man page. It turns out there is a change key feature of cryptsetup.

cryptsetup luksChangeKey <device>

If you run that command, it will ask you for the old password. Type that in and if it matches, you will be prompted to enter the new password twice. Once that’s done, there’s no need to umount and remount. The next time the volume is remounted though, it will require the new password.
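The script below is an added example, not part of the original post. It wraps the change in a header backup, checks that the new password unlocks the volume, and confirms the number of key slots in use did not change. The function names and the backup path are hypothetical, and it assumes root and an installed cryptsetup.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes root and cryptsetup.

# Count in-use key slots in `cryptsetup luksDump` text read from stdin.
# LUKS1 prints "Key Slot N: ENABLED"; LUKS2 lists "  N: luks2" under "Keyslots:".
count_keyslots() {
    awk '
        /^Key Slot [0-9]+: ENABLED/ { n++ }
        /^Keyslots:/                { in_ks = 1; next }
        /^[A-Za-z]/                 { in_ks = 0 }
        in_ks && /^[ \t]+[0-9]+: /  { n++ }
        END { print n + 0 }'
}

# Constructed, abbreviated LUKS2 dump used to exercise the parser offline.
sample_luks2_dump() {
    cat <<'EOF'
Data segments:
  0: crypt
Keyslots:
  0: luks2
        Key:        512 bits
  1: luks2
Tokens:
Digests:
  0: pbkdf2
EOF
}

rotate_passphrase() {
    dev=$1
    backup="/root/luks-header-$$.img"   # hypothetical path; must not exist yet
    before=$(cryptsetup luksDump "$dev" | count_keyslots)
    # Safety net in case the header is damaged mid-change.
    (umask 077; cryptsetup luksHeaderBackup "$dev" --header-backup-file "$backup") || return 1
    cryptsetup luksChangeKey "$dev" || return 1
    echo "Enter the NEW passphrase to confirm it unlocks the volume:"
    cryptsetup open --test-passphrase "$dev" || {
        echo "new passphrase rejected; header backup kept at $backup" >&2
        return 1
    }
    after=$(cryptsetup luksDump "$dev" | count_keyslots)
    [ "$before" -eq "$after" ] ||
        echo "warning: slots in use went from $before to $after" >&2
    # The backup still holds the key slot for the OLD passphrase: destroy it.
    shred -u "$backup"
}

if [ $# -gt 0 ]; then rotate_passphrase "$1"; fi
```

Run it with the device as its only argument. Without an argument it only defines the functions.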
