Quoting Fredrik Thulin ([email protected]): > On Mon, Apr 11, 2011 at 1:15 AM, Serge Hallyn <[email protected]> > wrote: > > Cool, looking forward to it. You might also push some test python code > > which does the same steps for people to play with. > > That's an excellent idea. I've added > examples/rolling_challenge_response to python-yubico. > > To try it out : > > $ git clone git://github.com/Yubico/python-yubico.git > $ cd python-yubico/ > $ export PYTHONPATH="Lib" > $ ./examples/rolling_challenge_response --filename foo --verbose --init
Awesome, thanks, I'll try this out tonight. ... > The demo is usable without a YubiKey too, but then you have to > copy-paste the expected response manually (of course only shown on > screen for demo purposes). Well I don't know - for all my feigned bravado about not caring about remote access to ecryptfs files, in fact I probably will want to do it remotely. In the end it'll probably get automated, but at first I expect to just copy/paste challenge/response between ssh session and host. > > In fact, you seem to be focusing on people doing full home directory > > encryption - and that's fine as I suspect that's the model we as a > > whole are trying to push. But please consider users like me, who > > have $HOME unencrypted with several separate ecryptfs dirs spread > > about. (See the new options to mount.ecryptfs_private.c in > > natty's ecryptfs-utils) > > You're right. Thanks for reminding me. I'll check the new things in Natty out. > > > So I guess, for my own use, I'd actually just want to stick with a > > non-changing wrapping key, so that I can support 5 (for example) > > different ecryptfs directories with different passphrases. For > > that case, I'd actually want to use your current model! :) > > You should be able to use rolling challenges for that model too, with > one 'state file' per encrypted directory, right? Yup, I see no reason why not. thanks, -serge _______________________________________________ Mailing list: https://launchpad.net/~ecryptfs-users Post to : [email protected] Unsubscribe : https://launchpad.net/~ecryptfs-users More help : https://help.launchpad.net/ListHelp
