Hacker News: mateusz834https://news.ycombinator.com/user?id=mateusz834Hacker News RSShttps://hnrss.org/hnrss v2.1.1Tue, 14 Apr 2026 20:58:24 +0000<![CDATA[New comment by mateusz834 in "Bypassing disk encryption on systems with automatic TPM2 unlock"]]>Wouldn't this work with some kind of PKDF instead?

Like: Password ---> PKDF ---> PIN

And then Password XOR (Key from TPM) -> LUKS

But i guess this kind of logic is not for a bootscript, but for tools like systemcd-cryptenroll.

]]>Fri, 17 Jan 2025 11:39:40 +0000https://news.ycombinator.com/item?id=42736505mateusz834https://news.ycombinator.com/item?id=42736505https://news.ycombinator.com/item?id=42736505<![CDATA[New comment by mateusz834 in "Bypassing disk encryption on systems with automatic TPM2 unlock"]]>Personally i would like a way to use TMP2 (with PIN) + password. (i.e. mode where PIN is derived from the password, but is also used to encrypt), so that i do not have to trust the TPM manufacturer.

]]>Fri, 17 Jan 2025 11:06:34 +0000https://news.ycombinator.com/item?id=42736293mateusz834https://news.ycombinator.com/item?id=42736293https://news.ycombinator.com/item?id=42736293