Two keys for newly installed full disk encryption?

kalpana · Nov 06, 2023, 03:41 AM

Hello!

I just installed Kubuntu 21.10, and chose the encrypted LVM option during installation. It now asks me for the passphrase on boot, as expected.

However, I see something that scares me: cryptsetup luksDump reports TWO keys for the encrypted partition. I guess one of them is the passphrase I supplied, but what is the other one?

(I removed the salt from the output I pasted below. Not sure if that was necessary or not, I am not well versed on this.)

Code:

Code Select

Ke*****s:
  0: luks2
        Key:        512 bits
        Priority:   normal
        Cipher:     aes-xts-plain64
        Cipher key: 512 bits
        PBKDF:      argon2i
        Time cost:  4
        Memory:     923333
        Threads:    1
        Salt:
        AF stripes: 4000
        AF hash:    sha256
        Area offset:32768 [bytes]
        Area length:258048 [bytes]
        Digest ID:  0
  1: luks2
        Key:        512 bits
        Priority:   normal
        Cipher:     aes-xts-plain64
        Cipher key: 512 bits
        PBKDF:      argon2i
        Time cost:  4
        Memory:     1015869
        Threads:    1
        Salt:
        AF stripes: 4000
        AF hash:    sha256
        Area offset:290816 [bytes]
        Area length:258048 [bytes]
        Digest ID:  0

Cobra Forum

News:

Two keys for newly installed full disk encryption?

kalpana