Disk encryption is a crucial aspect of securing sensitive data on your computer. LUKS2 (Linux Unified Key Setup 2) is a popular disk encryption format used by many GNU/Linux distributions. Changing the disk encryption passphrase regularly is an essential practice to maintain data security. In this blog post, we will guide you through the process of how to change the LUKS2 disk encryption passphrase, ensuring your data remains protected.
Option 1: One-line solution to change the disk encryption password
If you are looking for a one-line universal way to change the LUKS2 disk encryption password in the terminal, copy and paste the following phrase in a terminal:
sudo cryptsetup luksChangeKey $(sudo blkid | awk -F':' '/crypto_LUKS/{ print $1 }')Troubleshooting
If the commande above doesn’t work for you, you can try the same command but without ‘sudo’ as a root user. Otherwise, you can try to find the encrypted partition manually with the following command.
sudo lsblk | grep cryptNote the partition name, for example ‘sda2’ or ‘nvme0n1p2’. Then change the encryption password by the following command:
sudo cryptsetup luksChangeKey /dev/nvme0n1p2Please note that you will need to change ‘nvme0n1p2’ based on the output of the earlier command.
Option 2: Step-by-Step Guide to Changing the LUKS2 Disk Encryption Passphrase (GUI method)
The most popular GNU/Linux operating systems come with gnome-disk-utility (Disks) pre-installed. This includes a simple GUI method to change the disk encryption password. To do so, follow these steps:
| Step 1: Open the tool Disks. |  |
| Step 2: Search for and click on the LUKS2-encrypted partition you want to change the passphrase for, which you can recognise by the lock icon. |  |
| Step 3: Click on the gear icon. |  |
| Step 4: Click on ‘Change passphrase …’. | |
| Step 5: Enter the current passphrase and your new passphrase twice as prompted. | |
| Step 6: Confirm the changes by clicking the ‘Change’ button. |
Best practices and considerations
When changing your LUKS2 disk encryption passphrase, keep these best practices in mind:
- Choose a strong passphrase: Use a combination of uppercase and lowercase letters, numbers, and symbols.
- Memorise or securely store the new passphrase: Avoid writing it down in easily accessible places.
- Regularly update your passphrase: Set a reminder to change it periodically to maintain data security.
Conclusion
Changing the LUKS2 disk encryption passphrase is a critical step in maintaining the security of your sensitive data. By following the step-by-step guide outlined in this blog post, you know how to change the LUKS2 disk encryption passphrase and enhance the security of your system. Remember to choose a strong passphrase and keep it confidential. Take the necessary precautions to protect your data and enjoy the peace of mind that comes with robust disk encryption. A NovaCustom laptop with Dasharo coreboot firmware and LUKS2 disk encryption is the perfect combination for a more secure computer experience.
Wessel klein Snakenborg (Director of NovaCustom)
About the author: Wessel Klein Snakenborg is passionate about technology since childhood. He launched NovaCustom in 2015, crafting tailor-made laptops with privacy and security in mind. With a focus on user-friendliness, NovaCustom continues to redefine the laptop experience, led by Wessel's commitment to innovation and collaboration.
