LUKS FDE password policy not enforced?

fastraul

6/26/24, 12:56 PM

I am noticing that on a vanilla Ubuntu 22.04 LTS installation, there is no password policy whatsoever enforced when changing the LUKS FDE password using cryptsetup luksChangeKey or luksAddKey.

In the man page for cryptsetup-luksAddKey the following is claimed:

   --force-password
       Do not use password quality checking for new LUKS passwords.

       This option is ignored if cryptsetup is built without
       password quality checking support.

       For more info about password quality check, see the manual
       page for pwquality.conf(5) and passwdqc.conf(5).

I have tried altering pwquality.conf -- the settings get enforced for the root password, but not for the cryptsetup command specifically. It would appear cryptsetup is built "without password quality checking support". If that is the case, does anyone know if it is possible to turn it on? Or would I need to compile my own from source (annoying as I would then have to change my workflow since I have been using LUKS FDE during the install process, which presumably could not be applied with a custom cryptsetup module)?

0 + 0

encryption

security

password

luks

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: LUKS FDE password policy not enforced?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.