J.M. Porup:
>> If I understand correctly, your problem could also be solved by having
>> support for persistence from a separate device when running on DVD,
>> and using the additional software feature. See
>> https://labs.riseup.net/code/issues/5561.
> 
> Persistence on a separate device would be a suboptimal solution. In
> order to trust any program installed on a USB stick, I would have to re-
> download and re-verify the .deb packages every time in order to verify
> their integrity. Cryptographic tools bundled with TAILS on DVD do not
> suffer from this vulnerability.

If you could use a combination of the APT Packages [1], APT Lists [2],
and Additional software [3] persistence features then you would not have
to download them each time and they would be installed automatically every time.

[1]: https://tails.boum.org/doc/first_steps/persistence/configure/#apt_packages
[2]: https://tails.boum.org/doc/first_steps/persistence/configure/#apt_lists
[3]: https://tails.boum.org/doc/first_steps/persistence/configure/#additional_software

Note that the verification process involved in Debian when installing a
package uses OpenPGP and is exactly the same as the one we rely on
while building our ISO images in the first place. So new packages
shouldn't be considered as less authenticated than pre-installed
packages (if your system hasn't been tampered with of course).

>> Until then, we prefer including new cryptographic tools when they also
>> have a graphical interface so they can be used by more people. Do you
>> know if that's the case for oathtool? Can you also describe better
>> which scenarios such tool would also in the case of Tails?
> 
> Use of 2FA is growing rapidly. For instance, my domain registrar offers
> 2FA. So does my email provider. You can also set up 2FA for ssh
> connections.
> 
> A GUI would certainly be nice. Most 2FA development has focused on
> mobile platforms. Aside from the satisfactory Linux command-line tools,
> I did find these GUI options:
> 
> https://marketplace.firefox.com/app/gauth-authenticator/
> This is apparently a Firefox add-on, but the site does not display in
> Iceweasel using TAILS.
> 
> http://freecode.com/projects/openotp
> Freeware, not GPL. Cannot comment on suitability.
> 
> http://freecode.com/projects/multiotp
> GPL. Still in beta, PHP/Javascript web-based auth.
> 
> Even if none of these GUI implementations are (yet) suitable
> for TAILS, it's still worth considering including 2FA command line
> tools. For a very small amount of disk space, you can significantly
> increase the security of those who know how to use oathtools.

For me that goes very well into the kind of useful packages that the
Additional software persistence feature is made for. But that cannot go
into the official ISO image because they lack a proper GUI in Debian.

Nonetheless, in order to get the opinion of more devs I created a
Discuss ticket on Redmine:

https://labs.riseup.net/code/issues/7128

-- 
sajolida
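
The verification chain mentioned in the reply above, as an added example that is not part of the original thread or of Tails: APT's OpenPGP-signed Release file pins the hash of each Packages index, and the index pins the size and hash of each .deb, so a cached package can be checked without downloading it again. The function names and all sample data are constructed for illustration, and the OpenPGP signature check on the Release file is assumed to have been done already.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def parse_stanza(text: str) -> dict:
    """Parse one Debian control stanza, folding indented continuation lines."""
    fields, key = {}, None
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and key:
            fields[key] += "\n" + line.strip()
        elif ":" in line:
            key, _, value = line.partition(":")
            fields[key] = value.strip()
    return fields

def release_entry(release: dict, path: str):
    """Return the (sha256, size) the Release file pins for an index path."""
    for row in release.get("SHA256", "").splitlines():
        parts = row.split()
        if len(parts) == 3 and parts[2] == path:
            return parts[0], int(parts[1])
    return None

def verify_cached_deb(release_text, index_path, packages_bytes, name, deb_bytes):
    """Return 'ok' or the first link of the hash chain that fails."""
    # Assumption: release_text already passed OpenPGP signature verification.
    pinned = release_entry(parse_stanza(release_text), index_path)
    if pinned is None or pinned != (sha256(packages_bytes), len(packages_bytes)):
        return "packages-index-mismatch"
    for block in packages_bytes.decode().split("\n\n"):
        pkg = parse_stanza(block)
        if pkg.get("Package") == name:
            if int(pkg["Size"]) != len(deb_bytes) or pkg["SHA256"] != sha256(deb_bytes):
                return "deb-mismatch"
            return "ok"
    return "package-not-listed"

# Constructed sample data (not real archive contents).
DEB = b"constructed stand-in for the bytes of an oathtool .deb"
PACKAGES = (
    "Package: oathtool\nVersion: 0.0-constructed\n"
    f"Size: {len(DEB)}\nSHA256: {sha256(DEB)}\n"
).encode()
INDEX = "main/binary-amd64/Packages"
RELEASE = f"Suite: constructed\nSHA256:\n {sha256(PACKAGES)} {len(PACKAGES)} {INDEX}\n"

if __name__ == "__main__":
    print(verify_cached_deb(RELEASE, INDEX, PACKAGES, "oathtool", DEB))
```

A modified .deb or a modified Packages index on the persistent volume fails at the corresponding link of the chain, provided the Release file and the keyring used to verify it are themselves trustworthy.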


_______________________________________________
tails-support mailing list
https://mailman.boum.org/listinfo/tails-support