Re: entering geli passphrase only once at FreeBSD boot

From: Valeri Galtsev <galtsev_at_kicp.uchicago.edu>
Date: Sun, 09 Jan 2022 16:28:36 UTC

On 1/9/22 10:35 AM, Steve O'Hara-Smith wrote:
> On Sun, 9 Jan 2022 10:20:59 -0500
> Valeri Galtsev <galtsev@kicp.uchicago.edu> wrote:
> 
>> If RFID chip is involved, part of "hiding" [secret] is to keep card with
>> RFID chip inside shielding sleeve. Or the guy with RF scanner standing
>> next to will easily read it.
> 
> 
> 	QR code and camera, typed password and shoulder surfer, fingerprint
> and wine glass ... same problem different spaces, the standard solutions
> are OTP and challenge/response neither of which is an option for geli
> passphrases unfortunately which leaves only "be careful".
> 

I for one stay away from any "biometric" ways of authentication. I do 
not want any part of my body "borrowed" from me for such authentication 
;-) But seriously: how secret is your fingerprint? We leave them 
everywhere. Or laptop magically unlocks thanks to face recognition, - I 
don't even want to start rant about that (still: whose brain dead idea 
is that!?)

These days with 2 factor authentication enforced widely we became 
hostages of our cell phones ;-( Imagine you forgot it at home and need 
to authenticate. Or the device just died.

I feel I'm hijacking the thread for my rants...

Valeri

>> PS My wallet has RF shielding foil inserts ;-)
> 
> 	Mine too.
> 

-- 
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++