Re: "bioctl -P" is to change passphrase without wiping the encrypted partition's contents. How do you generate a new keydisk without wiping the same?

2015-11-20 Thread Ted Unangst
Tinker wrote:
> Ah, and maybe equally importantly, what are the security ramifications
> of changing password/keydisk vs. wiping and installing from scratch with
> a new password/keydisk?

The master key, which the data on disk is encrypted with, is masked with your password. The master key

Re: "bioctl -P" is to change passphrase without wiping the encrypted partition's contents. How do you generate a new keydisk without wiping the same?

2015-11-20 Thread Tinker
Aha. *Is* the keydisk the master key, and hence can't be changed? Very low priority topic: What about implementing some routine for regenerating the master key, even if that would imply reprocessing *all* of the disk's contents? That could be beneficial in a place where you don't have the