Re: entering geli passphrase only once at FreeBSD boot

In reply to: Valeri Galtsev : "Re: entering geli passphrase only once at FreeBSD boot"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Mehmet Erol Sanliturk <m.e.sanliturk_at_gmail.com>
Date: Sun, 09 Jan 2022 17:20:47 UTC
On Sun, Jan 9, 2022 at 7:29 PM Valeri Galtsev <galtsev@kicp.uchicago.edu>
wrote:

>
>
> On 1/9/22 10:35 AM, Steve O'Hara-Smith wrote:
> > On Sun, 9 Jan 2022 10:20:59 -0500
> > Valeri Galtsev <galtsev@kicp.uchicago.edu> wrote:
> >
> >> If RFID chip is involved, part of "hiding" [secret] is to keep card with
> >> RFID chip inside shielding sleeve. Or the guy with RF scanner standing
> >> next to will easily read it.
> >
> >
> >       QR code and camera, typed password and shoulder surfer, fingerprint
> > and wine glass ... same problem different spaces, the standard solutions
> > are OTP and challenge/response neither of which is an option for geli
> > passphrases unfortunately which leaves only "be careful".
> >
>
> I for one stay away from any "biometric" ways of authentication. I do
> not want any part of my body "borrowed" from me for such authentication
> ;-) But seriously: how secret is your fingerprint? We leave them
> everywhere. Or laptop magically unlocks thanks to face recognition, - I
> don't even want to start rant about that (still: whose brain dead idea
> is that!?)
>
> These days with 2 factor authentication enforced widely we became
> hostages of our cell phones ;-( Imagine you forgot it at home and need
> to authenticate. Or the device just died.
>
> I feel I'm hijacking the thread for my rants...
>
> Valeri
>
>

When information security is the subject , these are not "rants" .
With the  "ADVANCEMENT" of technology , our lives are driven into
a dangerous state .

Many years ago in Turkey ( I do not know the situation in other countries )
it is said that "if we store passwords into chips in bank or credit cards ,
verification of the validity of the passwords will be "MORE" secure ,
because readers of these chips cost around  US $ 2 000 000 ( two million )
,
which is beyond the buying capacity of criminals .

They did not consider the possibility of "RENTING" these devices by BIG
criminals
to SMALL criminals .

And many more  "SECURE" methods such as taking payments from bank or credit
cards
even if they are not inserted into readers by remote sensing ...

They did not consider the possibility that some CRIMINALs hiding a device in
a bag and collecting money when people were walking on the streets or
riding the
public transportation vehicles .

etc.
etc.

Please continue to enumerate the disastrous decisions to make the lives
of people more secure ...


Many times I am not able to prevent myself asking the following question
to myself :

Did these very "HOLY" security measures are designed by
CRIMINALS or IGNORANTS ( which both of them are the same ) ?


Mehmet Erol Sanliturk



> >> PS My wallet has RF shielding foil inserts ;-)
> >
> >       Mine too.
> >
>
> --
> ++++++++++++++++++++++++++++++++++++++++
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> ++++++++++++++++++++++++++++++++++++++++
>
>