Possibility of using a passphrase to decrypt home

As already mentioned in the old forum, the use of a PIN for decryption is relatively insecure, unless the PIN is very long. That’s because there are a lot more possible combinations when using the alphabet (plus perhaps special characters and numbers) than with the numbers 1 to 9. When using letters, there are also easier strategies to remember them (such as first letters of words) without using dictionary entries - while remembering long numbers is rather difficult for most people. Therefore, allowing a password would be a great improvement in security.

This is less important for the lock code, as it does not protect efficiently anyway. The option of using a password instead of a numeric PIN in this case as well wouldn’t be bad either.

I’m not sure if I’m missing something that would argue against the option to use a passphrase. LUKS should be able to do it, just as I use it with my desktop Linux. And if a numeric keyboard can be displayed at start-up, it should also be possible to display a full keyboard, right?

It would be even better if you would be able to decrypt the home partition and the encrypted SD card with the same passphrase when starting the system. But I would already be happy if a password for the encrypted home partition were possible at all. A system that is advertised with security and privacy should offer this feature.

4 Likes

I couldn’t be in more violent agreement with this request. I was highly disappointed when Koli was released without this feature. I would imagine this is trivial to implement as the underlying software already supports it, just a matter of what @jonathan described involving showing they keyboard at boot and in the Settings menu.

2 Likes