diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init
index ac75de7bd..a161fc0f5 100755
--- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init
@@ -464,10 +464,12 @@ show_options_menu()
 ;;
 C )
 luks_reencrypt
+ [[ -n "$luks_current_Disk_Recovery_Key_passphrase" ]] && whiptail --title 'Reencryption successful!' --msgbox "Your LUKS volume was successfully reencrypted!\n\nNote that before booting the next time you should update your checksums.\nIf you are using a TPM Disk Unlock Key you also need to reseal that key." 0 80
 luks_secrets_cleanup
 ;;
 P )
 luks_change_passphrase
+ [[ -n "$luks_new_Disk_Recovery_Key_passphrase" ]] && whiptail --title 'Passphrase change successful!' --msgbox "Your LUKS volume passphrase was successfully changed!\n\nNote that before booting the next time you should update your checksums.\nIf you are using a TPM Disk Unlock Key you also need to reseal that key." 0 80
 luks_secrets_cleanup
 ;;
 R )
diff --git a/initrd/etc/luks-functions b/initrd/etc/luks-functions
index 8f8e5ad72..6c9020921 100644
--- a/initrd/etc/luks-functions
+++ b/initrd/etc/luks-functions
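Review bot: The success dialogs added to the `C )` and `P )` arms of show_options_menu are gated on a passphrase variable being non-empty, not on the outcome of `luks_reencrypt` or `luks_change_passphrase`, so they are only truthful if every failure path in those functions clears that variable first. The luks-functions hunk shows a failure branch after `cryptsetup-reencrypt`, but its body lies outside the visible lines, so that invariant cannot be confirmed from this diff. A false "successfully reencrypted" message is security-relevant, because the user would then believe the volume key and passphrase had been rotated. If the functions return non-zero on failure, prefer `if luks_reencrypt; then whiptail ...; fi`, and likewise for `luks_change_passphrase`. Otherwise document the contract next to each check, e.g. `# luks_reencrypt unsets luks_current_Disk_Recovery_Key_passphrase on failure, so non-empty here means success`.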
@@ -350,14 +350,13 @@ luks_reencrypt() {
 --msgbox "$msg" 0 80
 echo -e "\nEnter the current LUKS Disk Recovery Key passphrase:"
 read -r luks_current_Disk_Recovery_Key_passphrase
- echo -n "$luks_current_Disk_Recovery_Key_passphrase" >/tmp/luks_current_Disk_Recovery_Key_passphrase
- warn "Reencrypting "$LUKS" LUKS encrypted drive content with a new LUKS Disk Recovery Key. Do NOT shut down or reboot!"
- cryptsetup-reencrypt -B 64 --use-directio "$LUKS" --key-slot 0 --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase
- else
- echo -n "$luks_current_Disk_Recovery_Key_passphrase" >/tmp/luks_current_Disk_Recovery_Key_passphrase
- warn "Reencrypting "$LUKS" LUKS encrypted drive content with a new LUKS Disk Recovery Key. Do NOT shut down or reboot!"
- cryptsetup-reencrypt -B 64 --use-directio "$LUKS" --key-slot 0 --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase
 fi
+ echo -n "$luks_current_Disk_Recovery_Key_passphrase" >/tmp/luks_current_Disk_Recovery_Key_passphrase
+ #make secrets disappear from screen as reencryption can take a long time (we show these to the user again later in whiptail anyway)
+ clear
+ warn "Reencrypting "$LUKS" LUKS encrypted drive content with a new Disk Recovery Key. Do NOT shut down or reboot!"
+ cryptsetup-reencrypt -B 64 --use-directio "$LUKS" --key-slot 0 --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase
+ #Validate past cryptsetup-reencrypt attempts
 if [ $(echo $?) -ne 0 ]; then
 whiptail --title 'Invalid Actual LUKS Disk Recovery Key passphrase?' --msgbox \