|
|
|
|
|
|
by ndsipa_pomu
39 days ago
|
|
|
> Interestingly, LUKS does not have a composite key mode natively that lets you combine a password with TPM material, but there are some good reasons not to use JUST a password: > 1. The strength of your disk encryption reduces to the strength of the password, where a TPM can have a 256-bit truly random key I've used LUKS a fair amount, but don't have deep knowledge of how it works, but it's easy to add extra keys to an encrypted device (e.g cryptsetup luksAddKey) which suggests to me that the encryption isn't purely a function of the strength of the password. |
|
|