Feature request: allow adding passwords in encrypted form / embed other passwords in the bootloader for auto-mounting #82

Open
RadarNyan opened this issue Oct 24, 2023 · 3 comments

@RadarNyan

When connecting a drive encrypted with a password different from the boot password, Windows would prompt me to format it, and I'm afraid one day I'll make the mistake of clicking on the wrong button.

I could run a script on boot to add those passwords to the password cache with dccon.exe, but that comes with an obvious flaw: the passwords are stored in plain text that can be read by any program with sufficient permission to read the script file.

To avoid this terrible practice of storing passwords in plain text, I need:

  1. A way to encrypt any string (password) with the boot password (is XOR strong enough for this use-case?)
  2. A new command-line switch to allow dccon.exe to accept an encrypted password, decrypt it, and add it to the cache.

Or even better:

  1. Allow embedding other (encrypted) passwords into the bootloader.
  2. When the correct boot password is entered, decrypt the embedded passwords and add them to the cache.
    This enables the drive to be ready on boot, which should be more useful and user-friendly.

I can't simply use the same password for all the drives because I need them to work with systems encrypted with different passwords.

@PanoptesDreams

This is the same thing I encountered recently and can't figure out how to overcome it.

I'm guessing once 1.3 fully releases, this or some other solution may come to light.

Unless anyone already has a solution for this?

@DavidXanatos
Owner

mmh... an encrypted password cache, I like the idea, will put it on my todo for one of the next builds.

@RadarNyan
Author

I just thought of something that I'd like to add: the bootloader supports "boot from first partition with appropriate password", which means there could be multiple different valid boot passwords. This needs to be considered when choosing the encryption key for the suggested "encrypted password cache".
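
One way the "encrypted password cache" discussed in this thread could cope with several valid boot passwords, as an added example that is not the project's code and not part of any comment above: a random master key encrypts the cached drive passwords, and each boot password unwraps that key through its own slot. All function names are hypothetical, the iteration count is an assumed value, and the HMAC-based cipher is a standard-library stand-in for an AEAD such as AES-GCM.

```python
import hashlib, hmac, json, secrets

ITERATIONS = 200_000  # PBKDF2 work factor; assumed value, tune for the target hardware

def derive(password: str, salt: bytes) -> bytes:
    """Stretch a boot password into a 32-byte slot key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode: stdlib stand-in for AES-GCM or ChaCha20-Poly1305."""
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with a fresh nonce and separate subkeys."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        return None
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

def build_cache(boot_passwords, drive_passwords) -> dict:
    """One random master key encrypts the list; each boot password wraps it in a slot."""
    master = secrets.token_bytes(32)
    slots = []
    for pw in boot_passwords:
        salt = secrets.token_bytes(16)
        slots.append((salt, seal(derive(pw, salt), master)))
    return {"slots": slots, "body": seal(master, json.dumps(drive_passwords).encode())}

def unlock(cache: dict, boot_password: str):
    """Try every slot; return the drive passwords, or None if no slot opens."""
    for salt, wrapped in cache["slots"]:
        master = unseal(derive(boot_password, salt), wrapped)
        if master is not None:
            body = unseal(master, cache["body"])
            return None if body is None else json.loads(body)
    return None
```

Adding or removing a boot password only rewrites its slot; the encrypted body and the other slots stay untouched.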
