On Wed, Oct 23, 2019 at 7:45 PM Normen Wohner <normen@wohner.eu> wrote:
>
> To enable two factor encryption?
> One passcode is in his head the other on a key.
> If either is missing the data on drive is unreadable.
> I don't know what is hard to understand about it.
> In an ideal world you'd use the manual passcode
> to decrypt the keydisk and then the keydisk
> to decrypt the fs.
> You should also not be able to tell
> whether the keydisk was in fact encrypted,
> the bootloader should try and on failure ask
> for a passcode, not expect there to be some
> 'RSA-2048' written at the end.
> It's hard for me to understand why nobody asked for this sooner.
>
You could just use a passphrase on the original disk to the same
effect. No sense over-complicating things.
> > Am 22.10.2019 um 23:43 schrieb Aaron Mason <simplersolution@gmail.com>:
> >
> > On Wed, Oct 23, 2019 at 5:11 AM List <list@md5collisions.eu> wrote:
> >>
> >> I'm sorry I might have not been so clear about it. I meant a way to
> >> encrypt the actual keydisk with a passphrase.
> >>
> >> On 2019-10-18 13:34, Jan Stary wrote:
> >>>>>> On Wednesday, October 16, 2019 11:06 PM, List <list@md5collisions.eu> wrote:
> >>>>>>> I was wondering if there is a reason for the lack of keydisk encryption.
> >>> $ man bioctl
> >>> # bioctl -h -v -c C ...
> >>>
> >>
> >
> > To what end? At some point you're going to have to store the
> > passphrase somewhere it can be easily read, and all you've really
> > achieved is a way to, at best, slow down a potential attacker.
> >
> > --
> > Aaron Mason - Programmer, open source addict
> > I've taken my software vows - for beta or for worse
> >
>
(NOTE: Just realised I sent this directly to Normen rather than the
list. Sorry for the noise, Normen.)
--
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse
--
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse
No comments:
Post a Comment