From 179b5ba3bedcb632d375014f4cd9249e1f26fdad Mon Sep 17 00:00:00 2001 From: Francis Rowe Date: Thu, 29 Oct 2015 06:04:48 +0000 Subject: docs/gnulinux/*: recommend the diceware method for passphrases --- docs/gnulinux/configuring_parabola.html | 4 ++++ docs/gnulinux/encrypted_parabola.html | 12 ++++++++++++ docs/gnulinux/encrypted_trisquel.html | 12 +++++++++++- 3 files changed, 27 insertions(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/gnulinux/configuring_parabola.html b/docs/gnulinux/configuring_parabola.html index 1c6a5182..41ec7168 100644 --- a/docs/gnulinux/configuring_parabola.html +++ b/docs/gnulinux/configuring_parabola.html @@ -307,6 +307,10 @@ # passwd yourusername

+

+ Use of the diceware method is recommended, for generating secure passphrases (instead of passwords). +

+

Back to top of page

diff --git a/docs/gnulinux/encrypted_parabola.html b/docs/gnulinux/encrypted_parabola.html index d920e34a..1fe1a8bd 100644 --- a/docs/gnulinux/encrypted_parabola.html +++ b/docs/gnulinux/encrypted_parabola.html @@ -181,6 +181,10 @@ Choose a secure passphrase here. Ideally lots of lowercase/uppercase numbers, letters, symbols etc all in a random pattern. The password length should be as long as you are able to handle without writing it down or storing it anywhere.

+ +

+ Use of the diceware method is recommended, for generating secure passphrases (instead of passwords). +

@@ -414,6 +418,10 @@ FONT=Lat9w-16 # passwd root
Make sure to set a secure password! Also, it must never be the same as your LUKS password.

+ +

+ Use of the diceware method is recommended, for generating secure passphrases (instead of passwords). +

@@ -558,6 +566,10 @@ initrd /boot/initramfs-linux-libre-lts.img Or make sure to get connected to the internet in any other way you prefer, at least.

+

+ Use of the diceware method is recommended, for generating secure passphrases (instead of passwords). +

+

AGAIN: MAKE SURE TO DO THIS WHOLE SECTION ON grubtest.cfg *BEFORE* DOING IT ON grub.cfg. (When we get there, upon reboot, select the menu entry that says Switch to grubtest.cfg and test that it works. diff --git a/docs/gnulinux/encrypted_trisquel.html b/docs/gnulinux/encrypted_trisquel.html index 1b5b2e8b..09048097 100644 --- a/docs/gnulinux/encrypted_trisquel.html +++ b/docs/gnulinux/encrypted_trisquel.html @@ -46,6 +46,10 @@ Set a strong user password (lots of lowercase/uppercase, numbers and symbols).

+

+ Use of the diceware method is recommended, for generating secure passphrases (instead of passwords). +

+

when the installer asks you to set up encryption (ecryptfs) for your home directory, select 'Yes' if you want to: LUKS is already secure and performs well. Having ecryptfs on top of it @@ -76,7 +80,7 @@

  • Encryption: aes
  • key size: 256
  • IV algorithm: xts-plain64
    • -
  • Encryption key: passphrase
    • +
  • Encryption key: passphrase
    • (diceware method recommended for choosing password)
  • erase data: Yes (only choose 'No' if it's a new drive that doesn't contain your private data)
    • @@ -294,6 +298,9 @@ Additionally, you should set a GRUB password. This is not your LUKS password, but it's a password that you have to enter to see GRUB. This protects your system from an attacker simply booting a live USB and re-flashing your firmware. This should be different than your LUKS passphrase and user password.

    +

    + Use of the diceware method is recommended, for generating secure passphrases (as opposed to passwords). +

    The GRUB utility can be used like so:
    @@ -304,6 +311,9 @@ Give it a password (remember, it has to be secure) and it'll output something like:
    grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711

    +

    + Use of the diceware method is recommended, for generating secure passphrases (instead of passwords). +

    Put that in the grub.cfg (the one for CBFS inside the ROM) before the 'Load Operating System' menu entry like so (example):
    -- cgit v1.2.3-70-g09d2