Micah Lee:
> How hard would it be to build a Qubes version of Soft U2F that stores
> the secret in a separate VM, similar to split gpg? This could make using
> U2F much more usable and secure inside of Qubes, I think.

I suppose the most secure way (which avoids the USB protocol's attack
surface) would be to have the separate VM implement only the "high
level" U2F device, connect it to the browsing VM via qrexec, and then
hook that up to the browser (either by emulating a USB device, or via a
specialized browser extension). Someone could probably do this by
cannibalizing e.g. virtual-u2f [1].

If the website supports TOTP as well, and you're okay with Tor Browser
or Firefox, you may be interested in Split Browser [2]. Its TOTP login
is almost as slick - Ctrl-Shift-Enter to request logging in, Enter to
confirm.

Rusty


1. https://github.com/mplatt/virtual-u2f
2. https://github.com/rustybird/qubes-split-browser
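
Added example, not part of the message above and not code from virtual-u2f or Split Browser: the strict request check a key-holding VM could run on each U2F_AUTHENTICATE message it receives from the browsing VM before touching any key. It assumes one extended-length APDU per request arrives over qrexec (transport not shown); the constants follow the FIDO U2F raw message format, and refusing to sign without user presence is a policy choice of this example.

```python
import struct

# Values from the FIDO U2F raw message format; everything else is illustrative.
INS_AUTHENTICATE = 0x02
P1_CHECK_ONLY, P1_ENFORCE_PRESENCE = 0x07, 0x03
SW_WRONG_LENGTH, SW_WRONG_DATA = 0x6700, 0x6A80
SW_CLA_NOT_SUPPORTED, SW_INS_NOT_SUPPORTED = 0x6E00, 0x6D00
FIXED = 32 + 32 + 1                 # challenge param, application param, handle length
MAX_REQUEST = 7 + FIXED + 255 + 2   # header + fields + largest key handle + Le


class Reject(Exception):
    """Request refused; carries the U2F status word to send back."""
    def __init__(self, sw):
        super().__init__(f"SW=0x{sw:04X}")
        self.sw = sw


def parse_authenticate(raw: bytes) -> dict:
    """Validate one U2F_AUTHENTICATE APDU coming from the untrusted browsing VM."""
    if not 7 <= len(raw) <= MAX_REQUEST:        # bound the size before parsing
        raise Reject(SW_WRONG_LENGTH)
    cla, ins, p1, _p2, zero, lc = struct.unpack(">BBBBBH", raw[:7])
    if cla != 0x00:
        raise Reject(SW_CLA_NOT_SUPPORTED)
    if ins != INS_AUTHENTICATE:                 # this handler serves one command only
        raise Reject(SW_INS_NOT_SUPPORTED)
    if zero != 0x00 or len(raw) - 7 not in (lc, lc + 2):   # optional 2-byte Le
        raise Reject(SW_WRONG_LENGTH)
    if p1 not in (P1_CHECK_ONLY, P1_ENFORCE_PRESENCE):     # never sign without presence
        raise Reject(SW_WRONG_DATA)
    data = raw[7:7 + lc]
    if lc < FIXED or data[64] != lc - FIXED:    # declared handle length must match
        raise Reject(SW_WRONG_LENGTH)
    return {
        "check_only": p1 == P1_CHECK_ONLY,
        "challenge_param": data[:32],
        "application_param": data[32:64],
        "key_handle": data[65:],
    }


# Constructed sample: zero-filled parameters and a 4-byte placeholder key handle.
_BODY = bytes(32) + bytes(32) + bytes([4]) + b"KH01"
SAMPLE = (bytes([0x00, INS_AUTHENTICATE, P1_ENFORCE_PRESENCE, 0x00, 0x00])
          + struct.pack(">H", len(_BODY)) + _BODY)
```

The parsed fields would then go to the confirmation prompt and the signing step in the key-holding VM; anything that raises Reject is answered with its status word only.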
