On Tue, Dec 20, 2016 at 10:22 AM, <jonbrownmaste...@gmail.com> wrote:
> it wouldn't require external services like TOTP and other variations.

The reason TOTP isn't useful is not specifically because it requires an external service, but because the passphrase to be used on the next boot is not known the previous time the computer is running, so it cannot re-encrypt the disk with the next passphrase. (Or really, re-encrypt the key that encrypts the disk - re-encrypting the whole disk is simply too large of an operation.) The reason things like HOTP or S/KEY are viable is because each next passphrase is predictable when one knows the secrets they are derived from.
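
Added example, not part of the original message: a Python sketch of the counter-based scheme described above, where each boot unlocks the disk key with the current HOTP code (RFC 4226) and immediately re-wraps it under the next one. The `wrap`/`unwrap` keyslot is a hypothetical toy stand-in (PBKDF2 plus XOR and an HMAC tag) for a real keyslot, the master key is assumed to be 32 bytes, and the HOTP secret is assumed to be readable only after unlock.

```python
import hashlib, hmac, os, struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def _kek(passphrase: str, salt: bytes) -> bytes:
    # 64 bytes: first 32 mask the master key, last 32 key the integrity tag.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, 64)

def wrap(master_key: bytes, passphrase: str) -> bytes:
    """Toy keyslot (assumption, not a real LUKS slot): salt || ct || tag."""
    salt = os.urandom(16)
    k = _kek(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(master_key, k[:32]))
    return salt + ct + hmac.new(k[32:], salt + ct, hashlib.sha256).digest()

def unwrap(slot: bytes, passphrase: str) -> bytes:
    salt, ct, tag = slot[:16], slot[16:48], slot[48:]
    k = _kek(passphrase, salt)
    expected = hmac.new(k[32:], salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase")
    return bytes(a ^ b for a, b in zip(ct, k[:32]))

def boot(slot: bytes, typed_code: str, secret: bytes, counter: int):
    """Unlock with this boot's code, then re-wrap for the next counter.

    This works because hotp(secret, counter + 1) is computable right now.
    A TOTP code would depend on the time of the next boot, which is not
    known while the machine is still running.
    """
    master_key = unwrap(slot, typed_code)
    next_slot = wrap(master_key, hotp(secret, counter + 1))
    return master_key, next_slot, counter + 1

if __name__ == "__main__":
    secret = b"12345678901234567890"   # constructed: RFC 4226 test secret
    disk_key = os.urandom(32)          # constructed sample master key
    slot = wrap(disk_key, hotp(secret, 0))
    key, slot, ctr = boot(slot, hotp(secret, 0), secret, 0)
    print("unlocked:", key == disk_key, "next counter:", ctr)
```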