Re: LUKS Encryption and Fingerprint readers?

2013-08-31 Thread TJ
On 30/08/13 20:22, Glenn Washburn wrote: I'd still like GRUB to be able to read a key-file rather than a typed pass-phrase, and have the key-file hidden on a (second) small (1GB) randomised-data USB flash device (no file-system) so even the operator can't be sure where to find the bytes that

RE: LUKS Encryption and Fingerprint readers?

2013-08-30 Thread J.Witvliet
-Original Message- From: grub-devel-bounces+j.witvliet=mindef...@gnu.org [mailto:grub-devel-bounces+j.witvliet=mindef...@gnu.org] On Behalf Of TJ Sent: Thursday, August 29, 2013 10:20 PM To: grub-devel@gnu.org Subject: Re: LUKS Encryption and Fingerprint readers? On 29/08/13 20:13, Glenn

Re: LUKS Encryption and Fingerprint readers?

2013-08-30 Thread TJ
On 30/08/13 10:10, j.witvl...@mindef.nl wrote: Some time ago i´ve been experimenting with fingerprints, and the result was not encouraging... From security point of view no that many problems (besides all well known general issue´s with fingerprints). I mean no false positive´s, but the

Re: LUKS Encryption and Fingerprint readers?

2013-08-30 Thread Glenn Washburn
On Thu, 29 Aug 2013 21:20:14 +0100 TJ grub-de...@iam.tj wrote: that'd be silly so I'm now moving to whole-disc encryption with the boot-loader, kernel, and initrd on a key-fob USB. I'd still like GRUB to be able to read a key-file rather than a typed pass-phrase, and have the key-file

Re: LUKS Encryption and Fingerprint readers?

2013-08-29 Thread Glenn Washburn
On Thu, 15 Aug 2013 17:51:03 +0100 TJ grub-de...@iam.tj wrote: So I'd like to know what support for key-files and/or fingerprint reading is/could be as input for LUKS unlocking? My other thought, to keep things simple, is to encrypt the entire hard drive and install GRUB and the /boot/

Re: LUKS Encryption and Fingerprint readers?

2013-08-29 Thread TJ
On 29/08/13 20:13, Glenn Washburn wrote: On Thu, 15 Aug 2013 17:51:03 +0100 TJ grub-de...@iam.tj wrote: So I'd like to know what support for key-files and/or fingerprint reading is/could be as input for LUKS unlocking? My other thought, to keep things simple, is to encrypt the entire hard

LUKS Encryption and Fingerprint readers?

2013-08-15 Thread TJ
I was searching for any hint that GRUB might support using a fingerprint reading device as input for unlocking encryption. I found discussion on the mailing list from 2009 centred mostly around TPM which didn't seem to go anywhere, so I wondered what the current thoughts are on supporting one?

Re: LUKS Encryption and Fingerprint readers?

2013-08-15 Thread Vladimir 'φ-coder/phcoder' Serbinenko
On 15.08.2013 18:51, TJ wrote: I was searching for any hint that GRUB might support using a fingerprint reading device as input for unlocking encryption. It's not possible to do securely as fingerprints are not secret. In fact, there are plenty of owner fingerprints on the laptop. But