On Saturday, August 27, 2016 at 1:50:22 PM UTC-7, [email protected] wrote: > BTW, keepassx rocks. I'm working on some scripts to make it a little less > painful with all the Ctrl-Alt-C and Ctrl-Alt-V'ing (which also conflicts > with the standard konsole paste shortcuts).
I have no problem with the special cut/paste. Doesn't mean I don't screw it up on occasion, but I do like the assurance of having to do the step Actually you betray yourself with the correct solution above; the Qubes shortcut to copy/paste between VM's is Ctrl-Shift-C/V which conflicts. I, like you, map that to Ctrl-Alt-C/V so no conflict. I've wondered why that isn't the default since the other is such an obvious conflict. > Using keepassx on Tails is so much more streamlined, without the extra > level of copying/pasting. It'd almost be nice if there were some explicit > dom0 support for it somehow. Yeah but Tails suffers from the same thing other OS's do which is one big system. So if it was theoretically compromised your streamlined copy/paste is exactly what you don't want. Nothing you don't know, but I don't want the inter-VM copy/paste to change a bit. It's a small burden for a huge benefit. It also has an additional benefit of each VM having it's own Paste buffer, which ends up being very convenient. > > Agreed. I keep my keepass database on one removable device, with a > keyfile on a separate removable device plus a password. Some cowardly > creep/crook wants to tamper with my system while I'm out, they're not > going to get very far. I'd argue that your actually less secure with that scheme. Johanna made some comments to that effect, what you are doing is a kind of air-gapping, but you have a large attack surface through USB. If an Evil Maid controls your system it does you no good to bring in your passwords on a USB. So, if you're really concerned with that you should be implementing Anti-Evil-Maid on your system as the only defense - not keeping passwords separate. > Since moving to that approach, I've noticed a lot more "noise" from the > ones I suspect of being involved in my harassment. Ironically, probably a > good sign. OH, OK then you have a situation with a probably not too computer sophisticated opponent. Never mind then. > But having individual keys for each VM would go further towards one > stated goal of disallowing each VM or dom0 from being able to snoop on > each other. > That should only be useful against Qubes bugs which allow sibling VM peeking, but otherwise doesn't help. > Right now, the overall dom0 filesystem is encrypted, which is cool, but > nothing beyond that, unless you do it yourself. Yeah, more passwords are > a pain, but if you choose to do so in the name of security, it'd be nice > if the Manager supported it. The main problem with it is that the Qubes team is busy and underfunded enough to work on that feature. Their time is better spent making sure there are no chance of sneaky/peaky. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8ff6fec9-f5f4-4741-a77f-d3ca4acd49f6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
