From 179b5ba3bedcb632d375014f4cd9249e1f26fdad Mon Sep 17 00:00:00 2001
From: Francis Rowe <info@gluglug.org.uk>
Date: Thu, 29 Oct 2015 02:04:48 -0400
Subject: docs/gnulinux/*: recommend the diceware method for passphrases

---
(limited to 'docs/gnulinux/encrypted_trisquel.html')

diff --git a/docs/gnulinux/encrypted_trisquel.html b/docs/gnulinux/encrypted_trisquel.html
index 1b5b2e8..0904809 100644
--- a/docs/gnulinux/encrypted_trisquel.html
+++ b/docs/gnulinux/encrypted_trisquel.html
@@ -47,6 +47,10 @@
 		</p>
 
 		<p>
+			Use of the <i>diceware method</i> is recommended, for generating secure passphrases (instead of passwords).
+		</p>
+
+		<p>
 			when the installer asks you to set up
 			encryption (ecryptfs) for your home directory, select 'Yes' if you want to: <b>LUKS is already secure and performs well. Having ecryptfs on top of it
 			will add noticeable performance penalty, for little security gain in most use cases. This is therefore optional, and not recommended.
@@ -76,7 +80,7 @@
 							<li>Encryption: aes</li>
 							<li>key size: 256</li>
 							<li>IV algorithm: xts-plain64</li>
-							<li>Encryption key: passphrase</li>
+							<li>Encryption key: passphrase</li> (<i>diceware method</i> recommended for choosing password)
 							<li>erase data: Yes (only choose 'No' if it's a new drive that doesn't contain your private data)</li>
 						</ul>
 					</li>
@@ -294,6 +298,9 @@
 				Additionally, you should set a GRUB password. This is not your LUKS password, but it's a password that you have to enter to see
 				GRUB. This protects your system from an attacker simply booting a live USB and re-flashing your firmware. <b>This should be different than your LUKS passphrase and user password.</b>
 			</p>
+			<p>
+				Use of the <i>diceware method</i> is recommended, for generating secure passphrases (as opposed to passwords).
+			</p>
 
 			<p>
 				The GRUB utility can be used like so:<br/>
@@ -304,6 +311,9 @@
 				Give it a password (remember, it has to be secure) and it'll output something like:<br/>
 				<b>grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711</b>
 			</p>
+			<p>
+				Use of the <i>diceware method</i> is recommended, for generating secure passphrases (instead of passwords).
+			</p>
 
 			<p>
 				Put that in the grub.cfg (the one for CBFS inside the ROM) before the 'Load Operating System' menu entry like so (example):<br/>
--
cgit v0.9.1