Hash: SHA256

On Tue, Dec 20, 2016 at 04:24:37PM -0500, Jean-Philippe Ouellet wrote:
> On Tue, Dec 20, 2016 at 10:22 AM,  <jonbrownmaste...@gmail.com> wrote:
> > it wouldn't require external services like TOTP and other variations.
> The reason TOTP isn't useful is not specifically because it requires
> an external service, but because the passphrase to be used on the next
> boot is not known the previous time the computer is running, so it can
> not re-encrypt the disk with the next passphrase. (Or really,
> re-encrypt the key that key that encrypts disk - re-encrypting the
> whole disk is simply too large of an operation.)
> The reason things like HOTP or S/KEY are viable is because each next
> passphrase is predictable when knows the secrets they are derived
> from.

In addition to all the points you've raised, there is one more: it's
hard to make OTP really one-time in AEM threat model. If someone gets
physical access to your hardware, he/she can make an offline copy of the
(encrypted) hard drive. And then, when you enter your OTP and it gets
intercepted by evil-maid type attack, it doesn't matter that the
password can't be used again on your machine. It will work for the
offline disk copy made earlier. If you combine it with some TPM-based
sealing, you only raise the bar by requiring the decryption happen on
the same hardware.

The key point of *AEM* is authentication computer to its user (before
entering the password), not the other way around.

Adding some sort of 2FA may make sense, but it's orthogonal to AEM.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Version: GnuPG v2


You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to