-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Fri, Jun 16, 2017 at 01:47:25PM +0000, Rusty Bird wrote: > Hi everyone, > > What do you think about getting rid [1] of .png image secret support in > the next major version of Anti Evil Maid? This would offset some of the > increase in complexity incurred by the upcoming TOTP/keyfile support, in > addition to other benefits: > > - Considering that AEM is a security oriented feature, it's kind of bad > to implicitly encourage the user to copy a complex image format from > some VM to dom0 - where it will be parsed during boot. (It would be > possible to build something [2] secure using the qubes.GetImageRGBA > RPC service, but I don't know if anyone's particularly interested in > working on that.) > > - .png support is hacky and weird: We show text secrets in the current > dialog, but images appear in the *next* dialog. And text secrets are > cleared from the screen as soon as possible, whereas image secrets > stay visible until Plymouth finishes. > > For users who prefer the more visual approach, we could tweak the > Plymouth theme to use a monospace font for text secrets. That should > make ASCII art a viable replacement for conventional images.
I think PNG support is a nice half-measure against shoulder surfing - details on the image are harder to copy/remember (or even photograph with a small camera), than some text. When we get some better alternative, we can drop PNG. > 1. > https://github.com/rustybird/qubes-antievilmaid/commit/4e45af289d0e651a380f3182cb07901a3002905f > > 2. Similar to the WIP dom0 wallpaper service: > https://github.com/QubesOS/qubes-issues/issues/215 > - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJZRszfAAoJENuP0xzK19csNPQIAI8ihNjr2yQsvWqJNdW0IjDa Qy5JeFu89Xu0/YzqiyRb887q2RgnKBc+jwdQO+KypuFeLNVXvNvLOfwZA9Tx3NGW zN3bqNmTdS9rNYo5qDvqgsdxNuGcHpfJlHwkIl97EulZZS1Y5jG+FT2p2U/x75GK 3X7kJmuPPCwSEhUD14j3URlsNWDVJi9MQST4q+XgXvmUOhtSr1h5TkKrWDyR3VXD Dj1O2CXwVpyClf/IxU5mt6o60iL6cCDzvSFhMOEsaHzKZxkXDXe1Y7DdVIv7GU65 35rWmr6p842H6L+JeFXuUg8eLSsCfWuPof72BWveVLNH7pNnTxZnkQyIX8xwxmc= =Lp1V -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170618185630.GA8758%40mail-itl. For more options, visit https://groups.google.com/d/optout.
![Re: [qubes-devel] AEM: Should we drop .png support?](/search?l=qubes-devel@googlegroups.com&q=subject:%22Re%5C%3A+%5C%5Bqubes%5C-devel%5C%5D+AEM%5C%3A+Should+we+drop+.png+support%5C%3F%22&o=newest){kind=link}
