|
|
|
|
|
|
by wat10000
523 days ago
|
|
|
If you have multiple users then you make it so any of their passwords can decrypt the drive. It’s pretty simple to do this securely. Encrypt the drive with a random key. Derive keys from all the passwords. Use each of those keys to encrypt the drive key and store those encrypted keys. On boot, the user enters their password and then this is used to decrypt the disk key. This also allows you to set up other keys, so that for example a company IT department can have a recovery key for the computer without needing to know your password. This means your disk encryption security is now the limited by the worst password of any user, but that’s still a million times better than having the key be available to the system with no password at all. |
|
|