Enterprise privacy with a photo of your mum

I was quite amazed on how easy my guided full system encryption of Debian 8 went.

Standard install of Debian select the LVM encrypted option and go.

The passphrase is only required for boot and its easy to brick your device for anyone else by simply shutting down as they are not getting into your system or files unless they know that passphrase.

Being one of those who are not great with memory, it did occur to me that swapping that passphrase to a file on a USB stick might be handy.
It is extremely easy to do and the below article is very concise with a few different methods.


You only need it on boot so once running you can go and place that usb drive somewhere safe where you will never find it again :slight_smile: That is a problem as no-one is getting onto your system or at your files if you do.

This caught my eye though and you can use a binary for your key file, which could be an image, audio even a video.
The key to your server could be on public display, but no-one would guess.
It could be a photo on facebook with all the other brown stuff that people post and easily retrieved but stored remotely and safely, whilst no-one realises its a key file.

So yes your mum could be a military grade encryption wall to prying eyes if you so wished and I have to admit the possibility has raised my curiosity on the possibility of a very simple app for the complete non techies out there.
Thinking blkid could make a fairly foolproof and easy system, using a known label… could even be a cd/dvd as long as the user doesn’t use ‘keyfiledisk’ :confused:

As changing keyfiles is a doddle and your mum comes with extremely strong encryption.