On 05/12/2017 11:53 AM, Holger Levsen wrote:
> On Sun, May 07, 2017 at 12:23:47PM -0500, Andrew David Wong wrote:
>> 1. LUKS passphrase
>> 2. Backup passphrase
>> 3. Screen locker passphrase
>> Managing these three allows me to have an arbitrary number of
>> additional secrets in VMs without having to remember anything else.
> you really dont protect your gpg key with a passphrase??
qubes-pass will prompt you for your GPG key passphrase using the GPG
agent, just as you'd expect it.
>
> and I assume you dont change the backup passphrase, because it needs to be
> high
> entropy, despite being visible with "ps fax"…
>
> I'm really not convinced this is a good setup, though of cause everything
> depends on the thread model! :-)
Do please present an attack model and I can then reason with you whether
it is covered by the setup or not.
Note that the qubes-pass setup is *exactly the same* as the Qubes GPG
model, and intended to protect against the same attacks.
--
Rudd-O
http://rudd-o.com/
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/e2b2bc61-1ffc-9945-5f62-c8f49f49889b%40rudd-o.com.
For more options, visit https://groups.google.com/d/optout.
