Quoting Dustin Kirkland ([email protected]):
> On Wed, Apr 13, 2011 at 4:18 AM, Fredrik Thulin <[email protected]> wrote:
> > I think I've asked before but do not remember if it was answered...

I don't remember you asking before, but

> > what do you think about a scheme where the user has (any combination
> > of) the file ~/.ecryptfs/wrapped-passphrase just like today,
> > ~/.ecryptfs/wrapped-passphrase.yubikey-123456 with the mount
> > passphrase protected using challenge-response involving YubiKey with
> > serial number 123456 (just as an index, to be able to have multiple)
> > and ~/.ecryptfs/wrapped-passphrase.pgp for a PGP encrypted version and
> > ...
> >
> > That would be a way to reduce the likelihood that a user
> > loses/corrupts their mount passphrase, while of course increasing the
> > risk of the user's mount passphrase being stolen (bad PGP passphrase
> > or something).
>
> Personally, I think I like this scheme. The code changes in
> ecryptfs-utils would be fairly localized, and safe, I think

Yup it's exactly what I was suggesting. I think this is the right
thing to do.

-serge

_______________________________________________
Mailing list: https://launchpad.net/~ecryptfs-users
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~ecryptfs-users
More help   : https://help.launchpad.net/ListHelp

