Jump to content

maxdamo

Members
  • Content Count

    2
  • Joined

  • Last visited

Everything posted by maxdamo

  1. hello. as you probably know Yubikey supports offline operation and, for instance, it's actually used to open encrypted volumes with LVM https://github.com/cornelinux/yubikey-luks LVM uses 8 slots to store passwords, which means that it's possible to set 8 different password or yubikey challenges. In other words, if the yubikey is lost, you can use the password, if the password if forgotten you can use they yubikey. We (the users) don't understand what you see as being wrong with this implementation. What you think the guy of the project above for LVM did wrong?
  2. @Vinod Kumar IMO it should be "user provided" or "static from Yubikey" (and not the combination of both). first reason, is that the "user provided" password is a backdoor, if the yubikey is lost or broken. Secondly, we are a bit tired of typing 3rd, it's a super-long password which cannot be broken/guessed in any way, and the few characters that you'll add won't add any security (yes, if somebody steals the key, can use it to login, but they need to steal the laptop together with they key.... let's go back to real life scenarios ) There is a fork of KeepassX for Linux which supports Yubikey static password.... unfortunately they are not providing a backdoor password, and it's a bit scary to use it. There is experimental code: you need to query the yubikey (with proper api, libraries, tools, whatever, ) to grab the static password.
×
×
  • Create New...