Ah, and maybe equally importantly, what are the security ramifications
of changing password/keydisk vs. wiping and installing from scratch with
a new password/keydisk?
Say that you would change password/keydisk today, and then next week
someone gets a copy of your encrypted disk, and of your previous
password/keydisk.
Would they be able to extract any part of the disk information then, if
not, why?

On 2015-11-20 21:58, Tinker wrote:
"bioctl -P" is to change passphrase without wiping the encrypted
partition's contents. How do you generate a new keydisk without wiping
the same?
I.e. I have an encrypted partition /dev/sd0a which is encrypted using
the keydisk /dev/sd1a. Say /dev/sd1a's contents were compromised. How
do you generate a new one without needing to wipe /dev/sd0a?
I.e. exactly the same as "-P" but for the keydisk use case.
(Of course the old keydisk/password is needed at replacement time.)
Thanks,
Tinker