> On Saturday, August 27, 2016 at 1:50:22 PM UTC-7, johny...@sigaint.org > wrote: >> BTW, keepassx rocks. I'm working on some scripts to make it a little >> less >> painful with all the Ctrl-Alt-C and Ctrl-Alt-V'ing (which also conflicts >> with the standard konsole paste shortcuts). > > I have no problem with the special cut/paste. Doesn't mean I don't screw > it up on occasion, but I do like the assurance of having to do the step > > Actually you betray yourself with the correct solution above;
Speaking of "betraying yourself," that's why I am working on a few scripts. More than once, I've thought I've copied they URL (from sigaint, for example) and gone to paste it, but I copied/pasted the password instead into the URL bar. D'oh! Even if I didn't load the page, with SIGINT stuff, I don't like having my password show up on the screen. Some scripts to let keepassx in a non-network VM interact with a networked VM's browser could avoid such betraying-yourself screwups. A few Qubes features are described as not protecting you from others, but protecting you from yourself. This falls into that category, IMO. > the Qubes > shortcut to copy/paste between VM's is Ctrl-Shift-C/V which conflicts. I, > like you, map that to Ctrl-Alt-C/V so no conflict. I've wondered why that > isn't the default since the other is such an obvious conflict. Agreed. It's way too obvious a conflict. There's just not enough key combos on the damn keyboard it seems sometimes. :) >> Using keepassx on Tails is so much more streamlined, without the extra >> level of copying/pasting. It'd almost be nice if there were some >> explicit >> dom0 support for it somehow. > > Yeah but Tails suffers from the same thing other OS's do which is one big > system. So if it was theoretically compromised your streamlined copy/paste > is exactly what you don't want. I'm a bit torn on that issue. Calling it "one big system" when Qubes is arguably more complex, I'm not sure is correct. I guess it depends upon your perceived threats. There have been times when things got "weird" on Qubes, and retreating to a Tails DVD-rom felt safer. But the Xen-on-top (with IOMMU protection against DMA attacks, etc.) ultimately should be safer. So confusing at times. > Nothing you don't know, but I don't want the inter-VM copy/paste to change > a bit. It's a small burden for a huge benefit. It also has an additional > benefit of each VM having it's own Paste buffer, which ends up being very > convenient. I hear ya. Right now, I *trust* the inter-VM copy/paste mechanism. I don't want features introduced that make it more complex/less trustworthy. And I think the tools are there with qrexec and the permissions system implemented to do what I want it to do, without changing the core. So yeah. :) If it's working, don't break it. >> Agreed. I keep my keepass database on one removable device, with a >> keyfile on a separate removable device plus a password. Some cowardly >> creep/crook wants to tamper with my system while I'm out, they're not >> going to get very far. > > I'd argue that your actually less secure with that scheme. Johanna made > some comments to that effect, what you are doing is a kind of air-gapping, > but you have a large attack surface through USB. Trust me, every time I hear those three letters, U.S.B., I think "security compromise." Why they ever let programmable firmware and stuff into the mix totally escapes me. If WW3 every happens, I swear it will be triggered by some USB security screwup. :) I actually load most of my keys off of 3.5" diskettes. :) Sometimes retro feels more secure, less hackable. > If an Evil Maid controls > your system it does you no good to bring in your passwords on a USB. No TPM here, just BIOS, so I don't think anti-evil-maid is something that applies to me. I could be wrong, need to research it more personally. I have a couple of personal anti-tampering approaches I use myself in lieu of that, which I might suggest as additions to Qubes at some point; but I won't talk about them just yet. > So, > if you're really concerned with that you should be implementing > Anti-Evil-Maid on your system as the only defense - not keeping passwords > separate. I'll read up on that more. Can't afford a maid, but I think there are other evil actors about. :) >> Since moving to that approach, I've noticed a lot more "noise" from the >> ones I suspect of being involved in my harassment. Ironically, probably >> a >> good sign. > > OH, OK then you have a situation with a probably not too computer > sophisticated opponent. Never mind then. The biggest mistake I've made (repeatedly) is underestimating the opponent. I have been totally naive throughout a lot of the grief. (In reality, I think there's a mix: one or more sophisticated opponents; and mostly likely expensive hired help. And one or more obviously not-to-sophisticated actors, that make obvious screw-ups now and then. Which makes things all more interesting.) >> But having individual keys for each VM would go further towards one >> stated goal of disallowing each VM or dom0 from being able to snoop on >> each other. >> > That should only be useful against Qubes bugs which allow sibling VM > peeking, but otherwise doesn't help. The more I think about sibling-VM-peeking, the less I think it's a threat. I've argued against this type of thought before, but if inter-VM-peeking succeeds somehow, you're pretty much screwed overall on the system. (Inter-VM peeking is pretty much a dom0 escalation, in essence.) >> Right now, the overall dom0 filesystem is encrypted, which is cool, but >> nothing beyond that, unless you do it yourself. Yeah, more passwords >> are >> a pain, but if you choose to do so in the name of security, it'd be nice >> if the Manager supported it. > > The main problem with it is that the Qubes team is busy and underfunded > enough to work on that feature. Their time is better spent making sure > there are no chance of sneaky/peaky. Understood. And I hope to help contribute to their efforts someday in some small way, to help with that situation. As mentioned, simply having a separately encrypted device (sadly, often USB) that one can attach to a VM, addresses most of my desires for individual VM filesystem encryption. I really don't keep anything of value or interest on the VM's private filesystem. (Nor do I really have anything of value or interest at all, lol. I just want some peace of mind and privacy.) Appreciate the response and the thoughts. Cheers. JJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/de152a0e7f72794f68a14b7bec1e9616.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.