Branch: refs/heads/master
Home: https://github.com/NixOS/nixpkgs
Commit: 433774c6088501f53b36ddac5811ff63784ae75c
https://github.com/NixOS/nixpkgs/commit/433774c6088501f53b36ddac5811ff63784ae75c
Author: Moritz Maxeiner <[email protected]>
Date: 2014-01-24 (Fri, 24 Jan 2014)
Changed paths:
A pkgs/development/libraries/libyubikey/default.nix
M pkgs/top-level/all-packages.nix
Log Message:
-----------
Add libyubikey (aka yubico-c) package
Commit: 8f9300fb0ee63c2e0ebc0080346c15dbb26a72ee
https://github.com/NixOS/nixpkgs/commit/8f9300fb0ee63c2e0ebc0080346c15dbb26a72ee
Author: Moritz Maxeiner <[email protected]>
Date: 2014-01-24 (Fri, 24 Jan 2014)
Changed paths:
A pkgs/applications/misc/ykpers/default.nix
M pkgs/top-level/all-packages.nix
Log Message:
-----------
Add ykpers (aka yubikey-personalization) package
Commit: 333f5caaf91ce1c28586483774a60bf385e19a32
https://github.com/NixOS/nixpkgs/commit/333f5caaf91ce1c28586483774a60bf385e19a32
Author: Moritz Maxeiner <[email protected]>
Date: 2014-01-24 (Fri, 24 Jan 2014)
Changed paths:
M nixos/modules/system/boot/luksroot.nix
Log Message:
-----------
Implement authentication for a LUKS device with a yubikey (HMAC-SHA1);
supports simple challenge-response and two-factor authentication
Commit: 407a77016162958c743bbf354465e0396c32ecc0
https://github.com/NixOS/nixpkgs/commit/407a77016162958c743bbf354465e0396c32ecc0
Author: Moritz Maxeiner <[email protected]>
Date: 2014-01-27 (Mon, 27 Jan 2014)
Changed paths:
M nixos/modules/system/boot/luksroot.nix
Log Message:
-----------
Rewrite as a pre-boot authentication module (mostly) comforming to the design
specification of
'YubiKey Integration for Full Disk Encryption Pre-Boot Authentication
(Copyright) Yubico, 2011 Version: 1.1'.
Used binaries:
* uuidgen - for generation of random sequence numbers
* ykchalresp - for challenging a Yubikey
* ykinfo - to check if a Yubikey is plugged in at boot (fallback to
passphrase authentication otherwise)
* openssl - for calculation of SHA-1, HMAC-SHA-1, as well as AES-256-CTR
(de/en)cryption
Main differences to the specification mentioned above:
* No user management (yet), only one password+yubikey per LUKS device
* SHA-512 instead of CRC-16 for checksum
Main differences to the previous implementation:
* Instead of changing the key slot of the LUKS device each boot,
the actual key for the LUKS device will be encrypted itself
* Since the response for the new challenge is now calculated
locally with openssl, the MITM-USB-attack with which previously
an attacker could obtain the new response (that was used as the new
encryption key for the LUKS device) by listening to the
Yubikey has ideally become useless (as long as uuidgen can
successfuly generate new random sequence numbers).
Remarks:
* This is not downwards compatible to the previous implementation
Commit: 45b1ffb8dba869b48b51daf72db5f73c960dd8f3
https://github.com/NixOS/nixpkgs/commit/45b1ffb8dba869b48b51daf72db5f73c960dd8f3
Author: Moritz Maxeiner <[email protected]>
Date: 2014-01-28 (Tue, 28 Jan 2014)
Changed paths:
M nixos/modules/system/boot/luksroot.nix
Log Message:
-----------
Cosmetic change to yubikey detection
Commit: cce9712331e7470aa891dc66d0aa28255d582e97
https://github.com/NixOS/nixpkgs/commit/cce9712331e7470aa891dc66d0aa28255d582e97
Author: Moritz Maxeiner <[email protected]>
Date: 2014-01-29 (Wed, 29 Jan 2014)
Changed paths:
M nixos/modules/system/boot/luksroot.nix
Log Message:
-----------
Enable two-factor authentication by default. Add proper descriptions to
attributes.
Commit: 20cfaf0faaef3fe3115275aa64b26b634f0108f0
https://github.com/NixOS/nixpkgs/commit/20cfaf0faaef3fe3115275aa64b26b634f0108f0
Author: Moritz Maxeiner <[email protected]>
Date: 2014-01-29 (Wed, 29 Jan 2014)
Changed paths:
M nixos/modules/system/boot/luksroot.nix
Log Message:
-----------
Change the crypt-storage file to be hex encoded instead of raw binary. To
update from the previous configuration, convert your crypt-storage file from
raw binary to hex.
Commit: e96f58ef5cdbb28cd4efe1b5f7bc532b9ae55b58
https://github.com/NixOS/nixpkgs/commit/e96f58ef5cdbb28cd4efe1b5f7bc532b9ae55b58
Author: Moritz Maxeiner <[email protected]>
Date: 2014-01-29 (Wed, 29 Jan 2014)
Changed paths:
M nixos/modules/system/boot/luksroot.nix
Log Message:
-----------
Implement muli-user authentication for yubikey pba, i.e. multiple users can
now share a single luks keyslot.
This is achieved by having multiple lines per storage file, one for each user
(if the feature is enabled); each of these
lines has the same format as would be the case for the userless authentication,
except that they are prepended with a
SHA-512 of the user's id.
Commit: b0d2f0e3f04a74e847dee898bf4c73767c986dfc
https://github.com/NixOS/nixpkgs/commit/b0d2f0e3f04a74e847dee898bf4c73767c986dfc
Author: Moritz Maxeiner <[email protected]>
Date: 2014-01-29 (Wed, 29 Jan 2014)
Changed paths:
M lib/maintainers.nix
M pkgs/applications/misc/ykpers/default.nix
M pkgs/development/libraries/libyubikey/default.nix
Log Message:
-----------
Add myself as a maintainer for ykpers and libyubikey
Commit: 7bf94cadad5c416375c3e5dfd46f31a81b76ea05
https://github.com/NixOS/nixpkgs/commit/7bf94cadad5c416375c3e5dfd46f31a81b76ea05
Author: Moritz Maxeiner <[email protected]>
Date: 2014-01-29 (Wed, 29 Jan 2014)
Changed paths:
M nixos/modules/system/boot/luksroot.nix
Log Message:
-----------
Add library dependencies explicitly
Commit: 2062abfd4f0d9c6d80439db9e3140fc24ae2477a
https://github.com/NixOS/nixpkgs/commit/2062abfd4f0d9c6d80439db9e3140fc24ae2477a
Author: Petr Rockai <[email protected]>
Date: 2014-01-29 (Wed, 29 Jan 2014)
Changed paths:
M lib/maintainers.nix
M nixos/modules/system/boot/luksroot.nix
A pkgs/applications/misc/ykpers/default.nix
A pkgs/development/libraries/libyubikey/default.nix
M pkgs/top-level/all-packages.nix
Log Message:
-----------
Merge branch 'yubikey' of git://github.com/Calrama/nixpkgs
Compare: https://github.com/NixOS/nixpkgs/compare/7c24880b4c6f...2062abfd4f0d_______________________________________________
nix-commits mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-commits
