On Thu, Apr 24, 2014, at 4:56, [email protected] wrote: > J.M. Porup: > > Would the TAILS developers consider including `oathtool` in the next > > release? > > > > This would enable those of us who run TAILS on DVD to use 2F auth in > > a secure manner. > > If I understand correctly, your problem could also be solved by having > support for persistence from a separate device when running on DVD, > and using the additional software feature. See > https://labs.riseup.net/code/issues/5561.
Persistance on a separate device would be a suboptimal solution. In order to trust any program installed on a USB stick, I would have to re- download and re-verify the .deb packages every time in order to verify their integrity. Cryptographic tools bundled with TAILS on DVD do not suffer from this vulnerability. > Until then, we prefer including new cryptographic tool when they also > have a graphical interface so they can be used by more people. Do you > know if that's the case for oathtool? Can you also describe better > which scenarios such tool would also in the case of Tails? Use of 2FA is growing rapidly. For instance, my domain registrar offers 2FA. So does my email provider. You can also set up 2FA for ssh connections. A GUI would certainly be nice. Most 2FA development has focused on mobile platforms. Aside from the satisfactory Linux command-line tools, I did find these GUI options: https://marketplace.firefox.com/app/gauth-authenticator/ This is apparently a Firefox add-on, but the site does not display in Iceweasal using TAILS. http://freecode.com/projects/openotp Freeware, not GPL. Cannot comment on suitability. http://freecode.com/projects/multiotp GPL. Still in beta, PHP/Javascript web-based auth. Even if none of these GUI implementations are (yet) suitable for TAILS, it's still worth considering including 2FA command line tools. For a very small amount of disk space, you can significantly increase the security of those who know how to use oathtools. thanks j _______________________________________________ tails-support mailing list [email protected] https://mailman.boum.org/listinfo/tails-support To unsubscribe from this list, send an empty email to [email protected].
