Feature request: allow adding passwords in encrypted form / embed other passwords in the bootloader for auto-mounting

[RadarNyan]

When connecting a drive encrypted with a password different from the boot password, Windows would prompt me to format it, and I'm afraid one day I'll make the mistake of clicking on the wrong button.

I could run a script on boot to add those passwords to the password cache with dccon.exe, but that comes with an obvious flaw: the passwords are stored in plain text that can be read by any program with sufficient permission to read the script file.

To avoid this terrible practice of storing passwords in plain text, I need: 1) A way to encrypt any string (password) with the boot password (is XOR strong enough for this use-case?) 2) A new command-line switch to allow dccon.exe to accept an encrypted password, decrypt it, and add it to the cache.

Or even better: 1) Allow embedding other (encrypted) passwords into the bootloader. 2) When the correct boot password is entered, decrypt the embedded passwords and add them to the cache. This enables the drive to be ready on boot, which should be more useful and user-friendly.

I can't simply use the same password for all the drives because I need them to work with systems encrypted with different passwords.

[PanoptesDreams]

This is the same thing I encountered recently and can't figure how to overcome it.

I'm guessing once 1.3 fully releases, this or some other solution may come to light.

Unless anyone already has a solution for this?

[DavidXanatos]

mmh... an encrypted password cache, I like the idea, will put it on my todo for one of the next builds.

[RadarNyan]

I just thought of something that I'd like to add: the bootloader supports "boot from first partition with appropriate password", which means there could be multiple different valid boot passwords. This needs to be considered when choosing the encryption key for the suggested "encrypted password cache".