add information on separate passphrases
This commit is contained in:
parent
cf2a1fea2c
commit
27481e6449
@ -338,7 +338,11 @@
|
||||
only for managing other profiles. Using a secondary profile for regular usage
|
||||
allows you to make use of the device without decrypting the data in your
|
||||
regular usage profile. It also allows putting it at rest without rebooting the
|
||||
device.</p>
|
||||
device. Even if you use the same passphrase for multiple profiles, each of
|
||||
those profiles still ends up with a unique key encryption key and a compromise
|
||||
of the OS while one of them is active won't leak the passphrase. The advantage
|
||||
to using separate passphrases is in case an attacker records you entering
|
||||
it.</p>
|
||||
|
||||
<p>File data is encrypted with AES-256-XTS and file names with AES-256-CTS. A
|
||||
unique key is derived using HKDF-SHA512 for each regular file, directory and
|
||||
|
Loading…
x
Reference in New Issue
Block a user