aboutsummaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorFrancis Rowe <info@gluglug.org.uk>2015-10-29 06:04:48 +0000
committerFrancis Rowe <info@gluglug.org.uk>2015-10-29 06:04:48 +0000
commit179b5ba3bedcb632d375014f4cd9249e1f26fdad (patch)
tree25fcc744dc220bed0e6255134073b4eedd7a3737 /docs
parent935142e062583afb6f454ffa8b655b471938472f (diff)
downloadlibrebootfr-179b5ba3bedcb632d375014f4cd9249e1f26fdad.tar.gz
librebootfr-179b5ba3bedcb632d375014f4cd9249e1f26fdad.zip
docs/gnulinux/*: recommend the diceware method for passphrases
Diffstat (limited to 'docs')
-rw-r--r--docs/gnulinux/configuring_parabola.html4
-rw-r--r--docs/gnulinux/encrypted_parabola.html12
-rw-r--r--docs/gnulinux/encrypted_trisquel.html12
3 files changed, 27 insertions, 1 deletions
diff --git a/docs/gnulinux/configuring_parabola.html b/docs/gnulinux/configuring_parabola.html
index 1c6a5182..41ec7168 100644
--- a/docs/gnulinux/configuring_parabola.html
+++ b/docs/gnulinux/configuring_parabola.html
@@ -307,6 +307,10 @@
# <b>passwd <i>yourusername</i></b>
</p>
+ <p>
+ Use of the <i>diceware method</i> is recommended, for generating secure passphrases (instead of passwords).
+ </p>
+
<p><a href="#pagetop">Back to top of page</a></p>
</div>
diff --git a/docs/gnulinux/encrypted_parabola.html b/docs/gnulinux/encrypted_parabola.html
index d920e34a..1fe1a8bd 100644
--- a/docs/gnulinux/encrypted_parabola.html
+++ b/docs/gnulinux/encrypted_parabola.html
@@ -181,6 +181,10 @@
Choose a <b>secure</b> passphrase here. Ideally lots of lowercase/uppercase numbers, letters, symbols etc all in a random pattern. The
password length should be as long as you are able to handle without writing it down or storing it anywhere.
</p>
+
+ <p>
+ Use of the <i>diceware method</i> is recommended, for generating secure passphrases (instead of passwords).
+ </p>
</div>
@@ -414,6 +418,10 @@ FONT=Lat9w-16
# <b>passwd root</b><br/>
Make sure to set a secure password! Also, it must never be the same as your LUKS password.
</p>
+
+ <p>
+ Use of the <i>diceware method</i> is recommended, for generating secure passphrases (instead of passwords).
+ </p>
</div>
@@ -558,6 +566,10 @@ initrd /boot/initramfs-linux-libre<u>-lts</u>.img
Or make sure to get connected to the internet in any other way you prefer, at least.
</p>
+ <p>
+ Use of the <i>diceware method</i> is recommended, for generating secure passphrases (instead of passwords).
+ </p>
+
<p style="font-size:2em;">
AGAIN: MAKE SURE TO DO THIS WHOLE SECTION ON grubtest.cfg *BEFORE* DOING IT ON grub.cfg.
(When we get there, upon reboot, select the menu entry that says <i>Switch to grubtest.cfg</i> and test that it works.
diff --git a/docs/gnulinux/encrypted_trisquel.html b/docs/gnulinux/encrypted_trisquel.html
index 1b5b2e8b..09048097 100644
--- a/docs/gnulinux/encrypted_trisquel.html
+++ b/docs/gnulinux/encrypted_trisquel.html
@@ -47,6 +47,10 @@
</p>
<p>
+ Use of the <i>diceware method</i> is recommended, for generating secure passphrases (instead of passwords).
+ </p>
+
+ <p>
when the installer asks you to set up
encryption (ecryptfs) for your home directory, select 'Yes' if you want to: <b>LUKS is already secure and performs well. Having ecryptfs on top of it
will add noticeable performance penalty, for little security gain in most use cases. This is therefore optional, and not recommended.
@@ -76,7 +80,7 @@
<li>Encryption: aes</li>
<li>key size: 256</li>
<li>IV algorithm: xts-plain64</li>
- <li>Encryption key: passphrase</li>
+ <li>Encryption key: passphrase</li> (<i>diceware method</i> recommended for choosing password)
<li>erase data: Yes (only choose 'No' if it's a new drive that doesn't contain your private data)</li>
</ul>
</li>
@@ -294,6 +298,9 @@
Additionally, you should set a GRUB password. This is not your LUKS password, but it's a password that you have to enter to see
GRUB. This protects your system from an attacker simply booting a live USB and re-flashing your firmware. <b>This should be different than your LUKS passphrase and user password.</b>
</p>
+ <p>
+ Use of the <i>diceware method</i> is recommended, for generating secure passphrases (as opposed to passwords).
+ </p>
<p>
The GRUB utility can be used like so:<br/>
@@ -304,6 +311,9 @@
Give it a password (remember, it has to be secure) and it'll output something like:<br/>
<b>grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711</b>
</p>
+ <p>
+ Use of the <i>diceware method</i> is recommended, for generating secure passphrases (instead of passwords).
+ </p>
<p>
Put that in the grub.cfg (the one for CBFS inside the ROM) before the 'Load Operating System' menu entry like so (example):<br/>