Thanks for the reply Peter,

I should say it this way maybe:) Presently there is no way to enter a
huge password other than memorizing or having it written down. There
should be a way to enter a password key-file to open tails too. Having a
hidden file to open the drive is an extra security step that only the
end-user would know is there.

Another bigger issue that should be considered is: Implementing a
failsafe mechanism that wipes the persistent drive if a number of failed
attempts are made.

I really think that type of protection is needed. Say after 5 failed
attempts it locks a user for an hour and after 8 failed attempts it
wipes the drive totally.

Thank you for reading Peter,
Anthony

On 2016-02-29 08:05, Peter N. Glaskowsky wrote:

On Feb 28, 2016, at 11:31 PM, [email protected] wrote:

...
The first “C.L.P.P.S” password should be one the End-user has
memorized. From there they can either open the tails persistent volume
or they can open a second C.L.P.P.S Database. From there the
password that opens the persistent volume should be in upwards of ten
to twenty thousand characters.

If a short password is used to unlock a keychain that contains a
longer password,

A) the net security of the system is still constrained by the entropy
in the short password, and

B) there is absolutely ZERO benefit to storing a long password in text
form that will immediately be hashed down to a binary key for a bulk
cipher. Just store the binary key.

Best regards,
. png

_______________________________________________
Tails-dev mailing list
[email protected]
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to
[email protected].
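
Points A) and B) from the quoted reply, worked through as an added example (not part of the original thread and not Tails code). The 10-character master password, the 62-symbol alphabet, the 256-bit key size, PBKDF2 as the hash, and the XOR "keychain" are all assumptions made for illustration.

```python
import hashlib
import math
import secrets
import string

KEY_BYTES = 32                                   # assumed 256-bit bulk-cipher key
ALPHABET = string.ascii_letters + string.digits  # assumed 62-symbol alphabet

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password (human-chosen ones have less)."""
    return length * math.log2(alphabet_size)

def kdf(secret, salt):
    """Hash a secret of any length down to a fixed-size binary key."""
    # Iteration count kept low only so the example runs quickly.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 1000, dklen=KEY_BYTES)

def wrap(master_password, salt, volume_key):
    """Toy keychain entry: XOR a 32-byte key with a key derived from the
    master password. XOR is its own inverse, so wrap() also unwraps.
    Illustration only: no authentication, not a real key-wrap scheme."""
    kek = kdf(master_password.encode(), salt)
    return bytes(a ^ b for a, b in zip(volume_key, kek))

def chain_bits(master_bits, stored_bits):
    """Point A: the chain is only as strong as its weakest link."""
    return min(master_bits, stored_bits, KEY_BYTES * 8)

def demo():
    salt = secrets.token_bytes(16)
    master = "".join(secrets.choice(ALPHABET) for _ in range(10))
    long_pw = "".join(secrets.choice(ALPHABET) for _ in range(20000))
    # Option 1: keychain holds a 20,000-character password, hashed on use.
    key_from_long_pw = kdf(long_pw.encode(), salt)
    # Option 2 (point B): keychain holds a random binary key directly.
    raw_key = secrets.token_bytes(KEY_BYTES)
    entry = wrap(master, salt, raw_key)
    return {
        "unwrap_ok": wrap(master, salt, entry) == raw_key,
        "key_len_from_long_pw": len(key_from_long_pw),
        "key_len_raw": len(raw_key),
        "long_pw_bits": entropy_bits(20000),
        "chain_long_pw": chain_bits(entropy_bits(10), entropy_bits(20000)),
        "chain_raw_key": chain_bits(entropy_bits(10), KEY_BYTES * 8),
    }

if __name__ == "__main__":
    print(demo())
```

Both options end in a 32-byte key, and both chains come out at the master password's roughly 59.5 bits, whatever the length of the stored secret.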