Linux, NetBSD, etc. can be installed with LUKS, so besides the /boot, all other FS will be encrypted. Probably the kernel needs to be booted before the password prompt gets to the user. The LUKS password
My question: Does it makes sense to change the LUKS password at every 90 days?
(I mean how can an attacker gain the LUKS password? if it's with an Evil Maid.. then it's already lost since the attacker gained access to the kernel.)
Password rotation really depends on use and exposure. If the machine is always on and the password is only ever used during a monthly reboot, then rotating that password after every 3rd use doesn't make a whole heap of sense.
Instead of thinking in terms of time, think of password rotation in terms of risk. How often do you use the password, on how many machines do you type your password, in what sort of environment do you type it (e.g. in an airport, coffee house, or perhaps only standing alone in a server room), how many people know the password, etc.
If more than one person has access to the password, then you should rotate it regularly as a matter of course. Rotation decreases the exposure if the password is ever inadvertently disclosed; and the more people who see it, the more likely one will disclose it (either intentionally or not). Changing the password immediately revokes access from anyone who should not have access (assuming they haven't installed some sort of back door).
But most importantly, always, always, always change a password when someone has it who shouldn't (or who no longer needs it).
Your risk will never be zero, and there is no problem that changing your password is guaranteed to solve. But many times I've seen instances where the same password has been in use controlling a resource for years, no matter who comes and goes. I've seen businesses sunk because a password was given to a contractor 3 years earlier, who saved that password on a personal computer which since was compromised by attackers.
You don't need rigid, blind, senseless password rotation policies to be safe. But you need to be aware of the risk that a given password represents.
Well, it depends. If an attacker has once had access to your LUKS encrypted volume, password rotation beyond that incident is useless. This is because the attacker may have made a backup of your LUKS header, which contains all the information required to decrypt your LUKS volume- provided a passphrase is known. See the cryptsetup FAQ for more information.
