Re: entering geli passphrase only once at FreeBSD boot
- In reply to: Valeri Galtsev : "Re: entering geli passphrase only once at FreeBSD boot"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 09 Jan 2022 17:12:33 UTC
On Sun, 9 Jan 2022 11:28:36 -0500 Valeri Galtsev <galtsev@kicp.uchicago.edu> wrote: > > > On 1/9/22 10:35 AM, Steve O'Hara-Smith wrote: > > On Sun, 9 Jan 2022 10:20:59 -0500 > > Valeri Galtsev <galtsev@kicp.uchicago.edu> wrote: > > > >> If RFID chip is involved, part of "hiding" [secret] is to keep card > >> with RFID chip inside shielding sleeve. Or the guy with RF scanner > >> standing next to will easily read it. > > > > > > QR code and camera, typed password and shoulder surfer, > > fingerprint and wine glass ... same problem different spaces, the > > standard solutions are OTP and challenge/response neither of which is > > an option for geli passphrases unfortunately which leaves only "be > > careful". > > > > I for one stay away from any "biometric" ways of authentication. I do > not want any part of my body "borrowed" from me for such authentication Yeah, these people who embed RFID chips in their hands are just asking for amateur surgery. > ;-) But seriously: how secret is your fingerprint? We leave them Not even slightly, it's a bit like the old bike locks that could be opened by any key including a screwdriver - security theatre. > everywhere. Or laptop magically unlocks thanks to face recognition, - I > don't even want to start rant about that (still: whose brain dead idea > is that!?) It would help if it required the face to be moving - a bit. The one that gets me is the dialogue that pops up on some sites *after* authentication with my name in it and a request to confirm that I am indeed the person named. > These days with 2 factor authentication enforced widely we became > hostages of our cell phones ;-( Imagine you forgot it at home and need > to authenticate. Or the device just died. Yep, but the old RSA keyfobs had the same problems. -- Steve O'Hara-Smith Odds and Ends at http://www.sohara.org/