On Fri, 10 Aug 2018, 19:04 Brian Candler, <b.cand...@pobox.com> wrote:
> On 10/08/2018 16:03, Roman Mamedov wrote: > > But I'd feel a lot happier if a second level of authentication were > required to establish a wireguard connection, if no packets had been > flowing for more than a configurable amount of time - say, an hour. It > would give some comfort around lost/stolen devices. > > Couldn't you just encrypt your home directory? Or even the root FS entirely. > Either of those should be a must on a portable device storing valuable > information. > > But by analogy, would you say that SSH keys and PGP keys don't need > protection by a passphrase? > Yes, I will say so. I (almost) never use it, it is either too unsecure yet cumbersome, so I use separate devices (nFA), encrypted FS, etc. where needed. Or nothing at all. Kalin.
_______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard