When connecting a drive encrypted with a password different from the boot password, Windows would prompt me to format it, and I'm afraid one day I'll make the mistake of clicking on the wrong button.
I could run a script on boot to add those passwords to the password cache with dccon.exe, but that comes with an obvious flaw: the passwords are stored in plain text that can be read by any program with sufficient permission to read the script file.
To avoid this terrible practice of storing passwords in plain text, I need:
- A way to encrypt any string (password) with the boot password (is XOR strong enough for this use-case?)
- A new command-line switch to allow dccon.exe to accept an encrypted password, decrypt it, and add it to the cache.

Or even better:

- Allow embedding other (encrypted) passwords into the bootloader.
- When the correct boot password is entered, decrypt the embedded passwords and add them to the cache.
This enables the drive to be ready on boot, which should be more useful and user-friendly.
I can't simply use the same password for all the drives because I need them to work with systems encrypted with different passwords.
I just thought of something that I'd like to add: the bootloader supports "boot from first partition with appropriate password", which means there could be multiple different valid boot passwords. This needs to be considered when choosing the encryption key for the suggested "encrypted password cache".
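Added example (not DiskCryptor code and not written by the issue author), covering the XOR question and the multiple-boot-password point above: repeating-key XOR hands the boot password to anyone who knows one stored password, whereas a key-slot layout lets each valid boot password unwrap one random master key that seals the cache. All function names, the slot layout, the NUL separator and the HMAC-based cipher (a standard-library stand-in for a vetted AEAD) are assumptions made for this sketch.

```python
import hashlib, hmac, os

def xor_encrypt(data, key):
    # Repeating-key XOR with the boot password, as asked about in the issue.
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def xor_exposed_key(ciphertext, known_plaintext):
    # Knowing one stored password is enough to read the key bytes back out.
    return bytes(c ^ p for c, p in zip(ciphertext, known_plaintext))

def kdf(password, salt):
    # 64 bytes: first half encrypts, second half authenticates.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 200_000, dklen=64)

def keystream_xor(key, nonce, data):
    # HMAC-SHA256 in counter mode; stdlib stand-in for a vetted AEAD such as AES-GCM.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key64, plaintext):
    nonce = os.urandom(16)
    ct = keystream_xor(key64[:32], nonce, plaintext)
    return nonce + ct + hmac.new(key64[32:], nonce + ct, hashlib.sha256).digest()

def unseal(key64, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key64[32:], nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong boot password or modified blob
    return keystream_xor(key64[:32], nonce, ct)

def build_cache(boot_passwords, drive_passwords):
    # One random master key seals the cache; each valid boot password gets a slot wrapping it.
    master = os.urandom(64)
    salts = [os.urandom(16) for _ in boot_passwords]
    slots = [(s, seal(kdf(pw, s), master)) for pw, s in zip(boot_passwords, salts)]
    return slots, seal(master, b"\0".join(drive_passwords))

def open_cache(boot_password, slots, body):
    for salt, wrapped in slots:
        master = unseal(kdf(boot_password, salt), wrapped)
        if master is not None:
            plain = unseal(master, body)
            return None if plain is None else plain.split(b"\0")
    return None

# Constructed sample values, not real credentials.
BOOT = [b"boot-pass-A", b"boot-pass-B"]
DRIVES = [b"usb-drive-secret", b"backup-disk-secret"]
```

Adding or removing a boot password only touches its slot; the sealed drive-password list stays unchanged.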