undefined | Better HN

0 pointshellojesus9d ago0 comments

> I roll my eyes at my friend when he explains the solutions for how to input the encryption password when his server restarts.

Isn't this rather trivial? You gen a keyfile, register it with luksAddKey, then update /etc/crypttab, no? The real concern is making sure that keyfile is stored securely, but you can simply symmetrically encrypt it and upload it to your favorite cloud storage provider.

0 comments

2 comments · 1 top-level

kubik3699d ago· 1 in thread

Uuh, I am not sure. I believe that he was talking about having full disk encryption which means that he needs to input the password to unlock the boot partition.

drnick19d ago

You can use TPM2 to automatically unlock the root partition and not have to input a password manually at boot. This is how my laptop (running Arch, btw) is setup. Whether or not disk encryption is necessary for a system that is physically secure at home or elsewhere is debatable however. But a laptop can be easily left somewhere and disk encryption seems necessary unless it never leaves home.

j / k navigate · click thread line to collapse