Comment Re:Clarification (Score 1) 277
You would use the HSM (or a USB key on a trusted computer with your passwords, for lower-security scenarios, say, where you have a colo and/or don't want to buy an HSM) to 'prime' the system, to avoid having the issue where you either have to leak a little bit of info or you don't know for sure if the first few users' passwords are correct or not right after a reboot. As part of the reboot process, you would log in in turn with all these known usernames/passwords in order to get the system up to an initialized state so it can validate 'real' users properly.