31.12.2025 05:31:21 Steve Simon <[email protected]>: > when i used plan9 full time i kept a usb stick containing my encrypted > secrets (in factotum format) plugged into my terminal. > i added a clause to my profile to prompt for the password to decrypt it and > push the text (via read -m) into /mnt/factotum/ctl. > > (all from memory, so it may be inexact) > > how would the proposed device improve on this? - honest question.
That depends on your terminal and grid. Yes, the factotum process runs on your terminal, so the memory is on your machine. However, if that terminal boots off an untrusted grid and the factotum program is corrupted to send your secrets to some server, or to have debugging enabled by default, that's an attack vector. It's like using ipso in an unprotected ramfs. If factotum runs standalone on a separate machine like that USB device, the secrets can't leave that device and thus never even reach the terminal. Again, that attack vector is very unlikely in a standard environment where you control the grid, and most users will run trusted factotums in public grids, too, by using a trusted system to rcpu into that untrusted one. Other than that, security is a very personal thing. Some people can live with higher risks than others. And yes ori, it's basically reinventing TPM, just Plan 9-flavored. Have a good new year everyone sirjofri ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/Ta60752663ff08448-Mfe84efc9c20c371ba0d199ab Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
