Monday, November 06, 2023

Re: OpenBSD FDE: Protect with keydisk + passphrase

On 11/6/23 17:01, tetrosalame wrote:
> On 05/11/2023 12:16, misc@phosphorus.com.br wrote:
> [...]
>> Now I use FDE with a keydisk, but would like to protect the bootable
>> system with a keydisk + passphrase (something you have + something you
>> know).
>>
>> Any chance doing this directly using bioctl?
>
> I don't think so: softraid's on-disk volume key can be encrypted with
> a keydisk or with a passphrase. Not both of them.
> See this recent explanation written by Stefan Sperling:
> https://marc.info/?l=openbsd-misc&m=168500028802972&w=2

@https://marc.info/?l=openbsd-misc&m=168500028802972&w=2
>It is not yet possible to encrypt a key disk with a passphrase, which would
>provide two-factor authentication. There is no technical reason which would
>prevent this from being implemented, it just hasn't been done.

Thanks. Will take a look in the code.
