Information leakage has recently become a serious problem. Because a user's disk might contain a lot of confidential information, it should be encrypted and the encryption key protected securely. Disk security has been improved by storing the encryption key in a hardware token such as a smart card or USB device. There must be some way to recover the encryption key when the token is lost, but to prevent information leakage the encryption key should not be known by the system administrator and should not be able to be recovered by malicious users inside the system. Here we describe a scheme that can limit key recovery when the user's smart card is lost and can do so without the administrator knowing the key. The smart card is used for generating the key and for improving the user authentication.