On Tue, Dec 20, 2016 at 10:22 AM,  <jonbrownmaste...@gmail.com> wrote:
> it wouldn't require external services like TOTP and other variations.

The reason TOTP isn't useful is not specifically because it requires
an external service, but because the passphrase to be used on the next
boot is not known the previous time the computer is running, so it can
not re-encrypt the disk with the next passphrase. (Or really,
re-encrypt the key that key that encrypts disk - re-encrypting the
whole disk is simply too large of an operation.)

The reason things like HOTP or S/KEY are viable is because each next
passphrase is predictable when knows the secrets they are derived
from.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABQWM_Dc0AxZY7P6M4KS08p8%2ByQMUiAw2DM3ApU4wwkqzP5cjg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to