On Tue, Dec 20, 2016 at 04:24:37PM -0500, Jean-Philippe Ouellet wrote:
> On Tue, Dec 20, 2016 at 10:22 AM, wrote:
> > it wouldn't require external services like TOTP and other variations.
>
> The reason TOTP isn't
On Tue, Dec 20, 2016 at 4:09 PM, Jean-Philippe Ouellet wrote:
> It does now somehow detect that your computer has been evil-maided, nor
> prevent it from being so.
"does now" should be "does not"
It's been a rough day >_>
On Tue, Dec 20, 2016 at 4:00 PM, Jean-Philippe Ouellet wrote:
> Unless you can come up with some cryptographically-sound way to
> integrate the information provided by a 2nd factor as a hard
> requirement to complete the secrets-unsealing-at-boot process, then
> the evil-maided
If I understand correctly, it would be completely useless.
The point of AEM is ultimately to somehow authenticate the computer to
the user, rather than the more common direction of authenticating the
identity of a user to the computer (which IIUC is all that U2F can
provide, where in the U2F case
I was wondering how much additional security this could give AEM if it
supported adding FIDO U2F as 2FA. It wouldn't require external services like
TOTP and other variations. Additionally, it would dramatically slow down an
offline attack and greatly increase the cost to do it.
What do you