Mailinglist Archive: opensuse-support (220 mails)

< Previous Next >
Re: [opensuse-support] 2FA for crypted disk

Am 22.01.19 um 08:45 schrieb Adam Mizerski:
1) There was a similar thread, you might find interesting:

thanks for the pointer. I missed that.

2) Show a link to the howto you found.
(german, pretty much a translation from teh github README)

3) LUKS has 8 slots for various keys to unlock the partition. You can
set up 3 passwords and 2 keyfiles and you need at least one to unlock
This should keep you safe from loosing access to your data.

That around the lines I found already. But for me this stops pretty
immediately when trying to check prerequisites.

# cryptsetup status /dev/mapper/cr_home
/dev/mapper/cr_home is active and is in use.
type: LUKS1
cipher: aes-xts-plain64
keysize: 256 bits
key location: dm-crypt
device: /dev/nvme0n1p7
sector size: 512
offset: 4096 sectors
size: 888360960 sectors
mode: read/write

# cryptsetup luksDump /dev/mapper/cr_home
Device /dev/mapper/cr_home is not a valid LUKS device.

So I'm not even sure I can continue to add keys.

The encrypted FS is what YaST created when I installed Tumbleweed
roughly a year ago.
Is it usable at all?

Seems I need a virtual playground first before trying to fiddle with my
real hardware and break something.


W dniu 21.01.2019 o 23:26, Wolfgang Rosenauer pisze:

as I understand from searching around it should be possible to do something
2FA for crypto devices (LUKS). Or at least some challenge response.

I've got a Yubikey and I found an Ubuntu howto. Because this is a bit of a
implementation when my crypted home partition is not accessible anymore I'm a
bit hesitant to experiment like I do typically.

Therefore: Does anyone have a pointer to an HOWTO which works for openSUSE


< Previous Next >