On Tue, Dec 20, 2016 at 04:24:37PM -0500, Jean-Philippe Ouellet wrote:
> On Tue, Dec 20, 2016 at 10:22 AM, <jonbrownmaste...@gmail.com> wrote:
> > it wouldn't require external services like TOTP and other variations.
>
> The reason TOTP isn't useful is not specifically because it requires
> an external service, but because the passphrase to be used on the next
> boot is not known the previous time the computer is running, so it can
> not re-encrypt the disk with the next passphrase. (Or really,
> re-encrypt the key that encrypts disk - re-encrypting the
> whole disk is simply too large of an operation.)
>
> The reason things like HOTP or S/KEY are viable is because each next
> passphrase is predictable when one knows the secrets they are derived
> from.

In addition to all the points you've raised, there is one more: it's
hard to make OTP really one-time in the AEM threat model. If someone gets
physical access to your hardware, he/she can make an offline copy of the
(encrypted) hard drive. And then, when you enter your OTP and it gets
intercepted by evil-maid type attack, it doesn't matter that the password
can't be used again on your machine. It will work for the offline disk
copy made earlier.

If you combine it with some TPM-based sealing, you only raise the bar by
requiring the decryption happen on the same hardware.

The key point of *AEM* is authenticating the computer to its user (before
entering the password), not the other way around. Adding some sort of 2FA
may make sense, but it's orthogonal to AEM.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
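
The two points made in this message, as an added example (not code from the thread or from Qubes AEM): HOTP lets the running system re-wrap the disk key for the next boot because the next code is computable from the secret, yet a header copied earlier still opens with the code that was typed. The names `wrap`, `unwrap` and `demo`, the XOR-pad key wrap standing in for a real key slot, and the placement of the HOTP secret inside the encrypted volume are assumptions; the secret is the RFC 4226 test value.

```python
import hashlib
import hmac
import os
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def _pad(otp: str, salt: bytes) -> bytes:
    # Toy key wrap (assumption): 32 bytes of XOR pad followed by a 32-byte MAC key.
    return hashlib.pbkdf2_hmac("sha256", otp.encode(), salt, 10_000, dklen=64)

def wrap(disk_key: bytes, otp: str) -> dict:
    """Encrypt the 32-byte disk key under the passphrase valid for the next boot."""
    salt = os.urandom(16)
    pad = _pad(otp, salt)
    ct = bytes(a ^ b for a, b in zip(disk_key, pad[:32]))
    return {"salt": salt, "ct": ct, "tag": hmac.new(pad[32:], ct, hashlib.sha256).digest()}

def unwrap(header: dict, otp: str):
    """Return the disk key, or None when the passphrase does not match the header."""
    pad = _pad(otp, header["salt"])
    tag = hmac.new(pad[32:], header["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, header["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(header["ct"], pad[:32]))

def demo() -> dict:
    secret = b"12345678901234567890"  # RFC 4226 test secret; assumed stored inside the volume
    disk_key = os.urandom(32)         # constructed sample key
    header = wrap(disk_key, hotp(secret, 0))   # key slot on disk before boot 0
    snapshot = dict(header)                    # offline copy of that slot, made earlier
    typed = hotp(secret, 0)                    # code entered at boot 0, assumed observed
    assert unwrap(header, typed) == disk_key   # boot 0 succeeds
    header = wrap(disk_key, hotp(secret, 1))   # running system re-wraps for boot 1
    return {
        "typed_code_reusable_on_machine": unwrap(header, typed) is not None,
        "next_code_opens_machine": unwrap(header, hotp(secret, 1)) == disk_key,
        "typed_code_opens_snapshot": unwrap(snapshot, typed) == disk_key,
    }
```

With TOTP the re-wrap step has no counterpart, because the code valid at the next boot depends on a time the running system does not know.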