add information on separate passphrases

2021-01-13 04:46:58 -05:00 · 2021-01-13 04:46:58 -05:00 · 27481e6449
commit 27481e6449
parent cf2a1fea2c
1 changed files with 5 additions and 1 deletions
--- a/static/faq.html
+++ b/static/faq.html
@ -338,7 +338,11 @@
                    only for managing other profiles. Using a secondary profile for regular usage
                    allows you to make use of the device without decrypting the data in your
                    regular usage profile. It also allows putting it at rest without rebooting the
-                    device.</p>
+                    device. Even if you use the same passphrase for multiple profiles, each of
+                    those profiles still ends up with a unique key encryption key and a compromise
+                    of the OS while one of them is active won't leak the passphrase. The advantage
+                    to using separate passphrases is in case an attacker records you entering
+                    it.</p>

                    <p>File data is encrypted with AES-256-XTS and file names with AES-256-CTS. A
                    unique key is derived using HKDF-SHA512 for each regular file, directory and