eCryptfs

Change ECryptFS mount passphrase

Asked by Anquietas

Hello,

Please tell me how can I change the mount passphrase.

The problem, my mistake, was that I recovered a mount passhprase on a remote machine using "ecryptfs-unwrap-passphrase"... I typed my login passphrase from that machine, and it showed me the unwrapped mount passphrase (looked like a SHA1 hash) which I saved in a Text File on my local computer.

But I have reason to believe, that while I was gone for 10 minutes, someone could have accesed that text file and read the mount passphrase of that remote machine.

Please tell me how can I change the MOUNT passphrase, not the login passphrase of the Encrypted Home Directory on the remote machine.

Thank you

Question information

Language:
English Edit question
Status:
Solved
For:
eCryptfs Edit question
Assignee:
No assignee Edit question
Solved by:
Dustin Kirkland 
Solved:
Last query:
Last reply:
Revision history for this message
Dustin Kirkland  (kirkland) said : 		#1

This is actually fairly complicated. I've spent a couple of hours
today trying to automate this for you, but it's not quite there yet,
and I can't spend more time on this today.

I'll try to get back here later.

In terms of the most secure option, I'd recommend backing up your
data, reinstalling, and then copying back into place. Sorry I can't
help much more right now.

Dustin

Revision history for this message
Best Dustin Kirkland  (kirkland) said : 		#2

On Mon, May 23, 2011 at 6:18 PM, Dustin Kirkland
<email address hidden> wrote:
> In terms of the most secure option, I'd recommend backing up your
> data, reinstalling, and then copying back into place.  Sorry I can't
> help much more right now.

Moreover, if *my* mount passphrase were compromised, this is EXACTLY
what I'd do... Backup, reinstall from scratch, restore data.

Thanks,
--
:-Dustin

Revision history for this message
Anquietas (e-admin-infosky-ro) said : 		#3

Yes, I realized that.

Thank you for your help :) I will reinstall my account.

Revision history for this message
Anquietas (e-admin-infosky-ro) said : 		#4

Thanks Dustin Kirkland, that solved my question.

Revision history for this message
Dustin Kirkland  (kirkland) said : 		#5

No problem. Sorry I couldn't come up with an automated way of doing
this. Believe me, I tried. There are multiple, possibly error-prone
steps :-(

Revision history for this message
Ilya Zhitomirskiy (zhitomirskiyi) said : 		#6

@Dustin Thanks for trying. This would be great, is there a link to the step?