On Wed, Feb 10, 2021 at 03:59:12PM +0100, Stefan Sperling wrote:
> On Wed, Feb 10, 2021 at 01:00:33PM +0000, Frank Beuth wrote:
> > On Tue, Feb 02, 2021 at 10:50:39PM +0100, Stefan Sperling wrote:
> > > The idea of protecting key disks with a passphrase (two-factor auth) has
> > > been raised before. It has not been implemented yet, simply because nobody
> > > has done the work. A search of the mailing list archives should yield
> > > some prior discussion.
> >
> > How about backup keys, so I can have a backup passphrase stored somewhere
> > safely that works even if I lose my keydisk?
>
> Well, even if two-factor auth were already available, if you lose
> the key disk then you should also lose access to the encrypted data.
> Otherwise it's not two-factor auth. A scheme where either a passphrase
> or a key disk could be used to unlock the volume would be redundant and
> even dangerously confusing for users who expect actual two-factor auth.

My original question was about letting the user define behaviour between multiple keys.

For example, having X number of key-slots representing passphrases/keyfiles/Yubikeys/etc, and the user can define whether they are AND (all needed to unlock) or OR (any one needed to unlock).

I suppose the theoretical ideal here would be a key-management programming language (a derivative of LISP?) to express the desired relationships ("unlock if ANY of these three keys, or ALL of these two, or two from the first group and one from the 2nd") but given the human inability to write bug-free code maybe that's a bad idea.
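The AND/OR key-slot relationships discussed above can be expressed as a small threshold-policy tree rather than a full programming language. The following is an added illustration, not code from this thread and not OpenBSD softraid code; every slot name ("passphrase", "keydisk", "g1a", ...) and the `Threshold` / `all_of` / `any_of` / `k_of` helpers are invented for the example. It also computes the smallest number of individual slots that unlock the volume, which makes the difference between a real two-factor policy (scores 2) and an either/or backup policy (scores 1) explicit.

```python
"""Evaluate a multi-slot unlock policy tree against the slots actually
presented. Hypothetical design sketch for the discussion above; not the
softraid crypto implementation."""
from dataclasses import dataclass
from typing import AbstractSet, Tuple, Union

# A leaf is a key slot identified by an invented name, e.g. "keydisk".
Slot = str


@dataclass(frozen=True)
class Threshold:
    """Satisfied when at least k of the children are satisfied.
    k == len(children) is AND, k == 1 is OR, anything between is k-of-n."""
    k: int
    children: Tuple["Node", ...]


Node = Union[Slot, Threshold]


def all_of(*children: Node) -> Threshold:
    return Threshold(len(children), tuple(children))


def any_of(*children: Node) -> Threshold:
    return Threshold(1, tuple(children))


def k_of(k: int, *children: Node) -> Threshold:
    return Threshold(k, tuple(children))


def validate(node: Node) -> None:
    """Reject trees that can never unlock (k > n) or always unlock (k < 1).
    Catching this at policy-definition time is the guard against the
    'bug-free code' problem raised above."""
    if isinstance(node, Threshold):
        if not node.children:
            raise ValueError("threshold node has no children")
        if not 1 <= node.k <= len(node.children):
            raise ValueError(
                f"threshold {node.k} of {len(node.children)} is not satisfiable")
        for child in node.children:
            validate(child)


def satisfied(node: Node, presented: AbstractSet[str]) -> bool:
    """True if the slots in `presented` satisfy the policy."""
    if isinstance(node, str):
        return node in presented
    met = sum(1 for child in node.children if satisfied(child, presented))
    return met >= node.k


def min_slots(node: Node) -> int:
    """Smallest number of individual slots whose loss or compromise unlocks
    the volume (leaf names are assumed distinct). A two-factor policy should
    score 2; adding an either/or backup drops it to 1."""
    if isinstance(node, str):
        return 1
    costs = sorted(min_slots(child) for child in node.children)
    return sum(costs[:node.k])


# Constructed policies for the example.
TWO_FACTOR = all_of("passphrase", "keydisk")   # passphrase AND key disk
EITHER_OR = any_of("passphrase", "keydisk")    # backup passphrase OR key disk

# The policy sketched in the message: ANY of three keys, OR ALL of two,
# OR two from the first group and one from the second.
EXAMPLE = any_of(
    any_of("pw1", "disk1", "yubi1"),
    all_of("pw2", "disk2"),
    all_of(k_of(2, "g1a", "g1b", "g1c"), k_of(1, "g2a", "g2b")),
)

if __name__ == "__main__":
    for name, policy in (("two-factor", TWO_FACTOR),
                         ("either/or", EITHER_OR),
                         ("example", EXAMPLE)):
        validate(policy)
        print(f"{name}: unlocks with as few as {min_slots(policy)} slot(s)")
    print(satisfied(EXAMPLE, {"g1a", "g1c", "g2b"}))   # True
    print(satisfied(EXAMPLE, {"g1a", "g2b"}))          # False
```

`min_slots` is the number to look at before accepting a policy: any branch that unlocks with a single slot means that one slot's loss or theft is enough, whatever the rest of the tree says.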
