On Tue, Dec 30, 2025, at 23:24, Steve Simon wrote:
> when i used plan9 full time i kept a usb stick containing my encrypted
> secrets (in factotum format) plugged into my terminal.
> i added a clause to my profile to prompt for the password to decrypt it
> and push the text (via read -m) into /mnt/factotum/ctl.
>
> (all from memory, so it may be inexact)
>
> how would the proposed device improve on this? - honest question.

For protocols like dp9ik or ssh, your secrets would never leave the device. Even if an attacker gained the ability to dump all the memory on your system, they wouldn't be able to recover your keys. They would need physical access to your hardware factotum, and then they would need to overcome whatever read/write protections the hardware device allegedly has.

Honestly, my own motivations are not security related. I just think it's cool. I like the idea of attaching a little computer to my computer to extend it with almost zero configuration. One could imagine a class of USB devices that only speak 9P, which operating systems would automatically mount when they're plugged in.

In the same vein, I'm interested in adding 9p over virtio-vsock support to 9front, as a zero-config way for a hypervisor to expose a factotum, or a /dev/draw, to a 9front guest.

Factotum is just one of the (famous last words) easier functions to offload; its API surface is small, its messages are small, and its performance requirements are modest.

David

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Ta60752663ff08448-M720e7a7a8f75b109572ba59b
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
