add information on separate passphrases

This commit is contained in:
Daniel Micay 2021-01-13 04:46:58 -05:00
parent cf2a1fea2c
commit 27481e6449

View File

@ -338,7 +338,11 @@
only for managing other profiles. Using a secondary profile for regular usage
allows you to make use of the device without decrypting the data in your
regular usage profile. It also allows putting it at rest without rebooting the
device.</p>
device. Even if you use the same passphrase for multiple profiles, each of
those profiles still ends up with a unique key encryption key and a compromise
of the OS while one of them is active won't leak the passphrase. The advantage
to using separate passphrases is in case an attacker records you entering
it.</p>
<p>File data is encrypted with AES-256-XTS and file names with AES-256-CTS. A
unique key is derived using HKDF-SHA512 for each regular file, directory and