I want to add a separate account or accounts to use as chroot accounts for an FTP server, and I want to use different passwords for these accounts. I know the AES-128 key used by FileVault is calculated from the password, so will using a new password cause FileVault to try to encrypt using a different key, making the ciphertext inconsistent? Or does FileVault calculate the key based on the password you used when you first encrypt the hard drive? I'm not sure about this, and I don't want to break my computer.
MacOS – My Macbook’s hard drive is encrypted using FileVault 2. Will adding a new user with a different password break the encryption
encryptionfilevaultmacbook promacospassword
Related Question
- How to have one password for FileValue 2 (pre-boot password) and another for the user login
- MacOS – FileVault 2 caches main password even after power off
- MacOS – How to access a FileVault-encrypted home directory with forgotten password
- MacOS – Mac OS X 10.10.5 – How to encrypt only the home folder without Apple FileVault
- MacOS – Invalid Password El Capitan with Filevault encryption
- MacOS – Convert between FileVault 2 and Disk Utility encryption
- MacOS – Can FileVault protected data be accessed if the hard drive has been NON securely wiped
Best Answer
FileVault 2 will encrypt the boot volume and allow you to unlock that volume based upon existing user accounts.
Adding a new user account on OS X El Capitan (10.11.6) will automatically add that account to FileVault 2's list of enabled users. So no, you won't revert your existing setup or remove an existing account's ability to unlock an encrypted volume.
The built-in
fdesetup
account is also very useful (requiressudo
privileges):