What if you forget the passphrase after not using it for many years and you suddenly need a file on the drive?

Print it on a piece of paper and put it in a lock box.

Better still: LUKS allows you to set up multiple entry keys, so use two, either of which will grant access to the drive.

* Your preferred memorized passphrase and will never be written down anywhere.

* A random key you can print and store in a box somewhere.

Then if your backup paper gets lost, you can revoke/replace it without having to abandoned your memorized favorite.

▲

slashdave 2 hours ago | parent [-]

Yep. You can also put your key on a usb drive that can be read on boot.

Just choose a good quality one....

	▲	Terr_ 2 hours ago \| parent [-]
		A few ideas for extra security: * Split the recovery key in two, store each half with a different friend. (If you're feeling fancy, XOR the halves and store that with a third friend, then any two out of three will work.) * Sneak the key into something you know friends/family won't throw away while you're still alive, like stuck to the back of a sentimental photo in a frame. ____ That said, I think I'm wandering from the original "accumulating dusty old drives in a box" scenario, which has a simpler solution: Keep a growing old_drives_keys.txt file on your current (encrypted) main device.

▲

nickjj 2 hours ago | parent | prev [-]

Yep, this is the way. It survives human memory and doesn't depend on software.

If you keep it in a dark environment that's not super humid the ink should last a really long time. Even in non-optimal conditions (NY summers with high humidity, etc.) I've had regular pen ink last for decades with no signs of fading away.