-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2017-05-12 06:53, Holger Levsen wrote: > On Sun, May 07, 2017 at 12:23:47PM -0500, Andrew David Wong wrote: >> 1. LUKS passphrase 2. Backup passphrase 3. Screen locker >> passphrase Managing these three allows me to have an arbitrary >> number of additional secrets in VMs without having to remember >> anything else. > > you really dont protect your gpg key with a passphrase?? >
See: https://www.qubes-os.org/doc/split-gpg/ > and I assume you dont change the backup passphrase, because it > needs to be high entropy, despite being visible with "ps fax"… > Why is that a problem? It's only visible in dom0. If an attacker is in dom0, it's already game over. Tracked here, BTW: https://github.com/QubesOS/qubes-issues/issues/1582 > I'm really not convinced this is a good setup, though of cause > everything depends on the thread model! :-) > - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJZF2SYAAoJENtN07w5UDAwMf0P/1YRlQPo/C0/eUd1M/ZOjk+c 0niJvtOEQkJoo4QrOZqdJ/9CZa3KUYKlH6ktkzbg4TjrODgqRiffPhtTYmTmfxTL 8CMdD4HWSvXVLt4SEJYuX81NwS0BioHqk0lY5bA9dQCDFdb29O4cUvUX43h1+0Je hQSK4Rcytp8vjelGSPTT9qDzMuVHu6tpUgYIYTwGPS67aeeVvnlT6VY6Q+QfUGr6 +GQWvGkspxTRg3ASml1UtMd4vglxkKvlwmVJTziY0IE/TN50xiTaXIVAvgyVQnf/ hn2gAyn2o5+ciP7Od18XhfXIlqcb8+R5Vn2nvyXtLAJP0zouNGtGDUiACAXXVFJ2 gwpP1yD/e0nmqsUMVYdG2GtuLKF1Y0fxtHswQpnHiPKP6N6hwcqmuRhgnN/GRlGS jmcQWEETw3zEa/CwOiSyJhwVLxx8nHEjxTRnci2P7L9DHiXJTG+isZQ0innHSXV7 kHmv12Bf4pnpyxilpgDfJH7epZYuMWK1cUwDBDzEOvaH3ScHQyxU9rRd8sDYKlZO 28aK9NgT0xo6DTjgcLh+4z6ph5phrH2pRzrdniyCAyP79nDI4wBC3/bj/Q68aCij q7jiQH5KxKxXNlr06DhNS4nGK0ugok0q1J5GFZtp4RIrktfopkEF8H4rrn2efoxa vx2NzWi4br54hWbhS0RF =Vyk2 -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0db7489c-30ab-d905-92dd-e749c56bdc7a%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
