This question has been asked before: difference between passphrase and key file in LUKS. There’s one comment, and one ‘answer’ that doesn’t answer the question. So I’m asking again.
In essence:
- What’s the difference between a keyfile and a passphrase?
- Is it simply that a passphrase must be entered by the user each time the system tries to unlock the disk, but it automatically gets the keyfile without the need for user interaction?
- How is it possible to have multiple key slots? If a disk can be unencrypted with a complex keyfile OR a simple passphrase, what’s the point of the complex key file? Surely a brute-force attack would get to the simple passphrase quickly.
In other words, what’s the point in using a complex key file, if the same disk can be decrypted with a simple passphrase?