-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2016-11-12 12:07, Eric wrote:
> Is there any way to use a YubiKey for Anti-Evil-Maid, instead of just a
> regular USB flash drive?
AFAIK, yes, but I haven't personally tried it, since I don't own a YubiKey.
> I imagine (though I will be the first to say that I don't know), that the
> firmware on it is much less resistant to compromise/BadUSB attacks, and since
> it crypto something something, it seems a natural fit.
>
There are, indeed, security considerations regarding the choice of medium for
an AEM drive. Take a look at this issue:
https://github.com/QubesOS/qubes-issues/issues/1980
And this associated discussion thread:
https://groups.google.com/d/topic/qubes-users/I5clx1E-S9M/discussion
> Of course, I haven't seen the code for AEM,
Why "of course"? The source code is freely available for all to see:
https://github.com/QubesOS/qubes-antievilmaid
> and I know that it's a program instead of just a keyfile. Is there any
> possibility of two factor authentication for anti-evil-maid? IE, passphrase
> and a YubiKey?
>
Well, there's been some work done on using a YubiKey as a second factor for
logging in to Qubes, but it's for the lock screen, not for AEM:
https://www.qubes-os.org/doc/yubi-key/
I'm not sure if it'd be possible to do with AEM, since that prompt is so early
in the boot process.
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-
iQIcBAEBCgAGBQJYJ6NoAAoJENtN07w5UDAwihQP/1MF4QStLEXh2WaTQ9rWaICC
ytB/kpujfvGvATB23/OkQ3qGElziBVQ308FYWXIs2HGHSteJPeH2Wx0EYpWjUgtf
6GgkVMjcQRFmIzbl29ZvcftrF1YhdV6HRHy+/DmdEAwfGu6sl4FHnoUV0/R2EaSf
AhbUpM4u0Y5G9ecqUz/lOVlvnKbX5UBuwE6gDPNEdMgHq6rVU28TsSw581UHxi/c
RmBEagnoZfYutVLNYTGOM/wDUgGAUDsZprD0DYurFdwWp4Mut2SQYqOFRcEucpdX
Cympsp8mzQf19LLgmjrYEALMbO+HL7XYa6mly1eWoPErWgJpMWpP3D1W3y1wYVm3
On6wB3rDZnCxoQUls9jgdQjyS9QI4Fu4d0UZD6EkO+K5XR8cdwrnl/1nkJGq6nK6
kio5gp2DiNz2WMbpzKh7HHGh5qPD14xHuLRxHzPw/pp0xCcKF/WBAo9NhXheh6sl
mBHAlEMdlc0nB5M8YjcAfaluCEsNz7mA+fEBGKV28UNJsGyUub0wY6LbQVXGBxSx
6bjvVWr9QE12RuqmV9NPOilFGmznmJ7Ml9zwnkOd2cgBuGSIjF2Skp9ag/Pv+cOY
bulkrJnb8+8Wdvt5d7H9wXvjYOum9OeY7rhIYmKpXtLK8D4YjL2sOuS0vJ3aH+Mx
xmqQWHd5VjaFE1lWL+21
=AsT6
-END PGP SIGNATURE-
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/22e0f325-f64f-598d-e2c2-5c1dbc580584%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.