Re: Bug#1059745: ITP: cryptsetup-2fa -- 2FA plugin for cryptsetup
On Sun, 2023-12-31 at 18:49 +0800, YunQiang Su wrote:
> * Package name : cryptsetup-2fa
> Version : 0.1
> Upstream Contact: YunQiang Su <syq@debian.org>
> * URL : https://github.com/wzssyqa/cryptsetup-2fa/
> * License : BSD-2
> Programming Lang: SHELL
> Description : 2FA plugin for cryptsetup
>
> 2 methods are supported for 2FA:
> - Yubikey Challenge
> - TPM2 Keypair
> PIN-less is also supported, if the PINs are present in
> /etc/cryptsetup/2fa.conf.
>
> Since I am not an expert in security and encryption:
> CODE Review is requested here, too.
Is there any reason to not just use systemd-cryptenroll?
It seems to be a more featureful implementation and also doesn't
require storing PINs in plain text in configuration files like
/etc/cryptsetup/2fa/2fa.conf as README instructs users to do here.
Nor does it store plain text credentials in /var/cache.
Ansgar
PS: I also don't understand why cryptsetup-2fa-enroll(1) references
privacyIDEA.