Re: [qubes-users] Anti Evil Maid Idea

2016-12-20 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Dec 20, 2016 at 04:24:37PM -0500, Jean-Philippe Ouellet wrote: > On Tue, Dec 20, 2016 at 10:22 AM, wrote: > > it wouldn't require external services like TOTP and other variations. > > The reason TOTP isn't

Re: [qubes-users] Anti Evil Maid Idea

2016-12-20 Thread Jean-Philippe Ouellet
On Tue, Dec 20, 2016 at 4:09 PM, Jean-Philippe Ouellet wrote: > It does now somehow detect that your computer has been evil-maided, nor > prevent it from being so. "does now" should be "does not" It's been a rough day >_> -- You received this message because you are subscribed

Re: [qubes-users] Anti Evil Maid Idea

2016-12-20 Thread Jean-Philippe Ouellet
On Tue, Dec 20, 2016 at 4:00 PM, Jean-Philippe Ouellet wrote: > Unless you can come up with some cryptographically-sound way to > integrate the information provided by a 2nd factor as a hard > requirement to complete the secrets-unsealing-at-boot process, then > the evil-maided

Re: [qubes-users] Anti Evil Maid Idea

2016-12-20 Thread Jean-Philippe Ouellet
If I understand correctly, it would be completely useless. The point of AEM is ultimately to somehow authenticate the computer to the user, rather than the more common direction of authenticating the identify of a user to the computer (which IIUC is all that U2F can provide, where in the U2F case