From 189cedf8450e7fe6597ac523e4f250c83a1a1f63 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sat, 6 Feb 2016 11:10:22 +0100 Subject: Clarify that the diagram explains the master key DEcryption process --- docs/security.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/security.md b/docs/security.md index 49bfa8a..b368119 100644 --- a/docs/security.md +++ b/docs/security.md @@ -10,9 +10,11 @@ Master Key Storage The master key is used to perform content and file name encryption. It is stored in `gocryptfs.conf`, encrypted with AES-256-GCM using the -Key Encryption Key (KEK). +Key Encryption Key (KEK). The KEK is generated from the user password +using `scrypt`. -The KEK is generated from the user password using `scrypt`. +When mounting a filesystem, the user is prompted for the password and +the master key is decrypted: ![](img/master-key.svg) -- cgit v1.2.3
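
Review bot: The added sentence ending "the master key is decrypted:" hands the whole explanation to `![](img/master-key.svg)`, which has empty alt text, so a reader of the Markdown source or of a renderer without images gets no description of the decryption steps. Consider adding alt text, or one sentence spelling out the order the paragraph above already implies: the password goes through `scrypt` to obtain the KEK, and the KEK is then used for AES-256-GCM decryption of the master key stored in `gocryptfs.conf`. Two smaller points in the same hunk: "derived from the user password" is the more usual wording for a key derivation function than "generated", and the text does not say where the `scrypt` salt and cost parameters are kept, which a reader of a security document would look for at this point.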