
Re: Bug#1059745: ITP: cryptsetup-2fa -- 2FA plugin for cryptsetup



On Sun, 2023-12-31 at 18:49 +0800, YunQiang Su wrote:
> * Package name    : cryptsetup-2fa
>   Version         : 0.1
>   Upstream Contact: YunQiang Su <syq@debian.org>
> * URL             : https://github.com/wzssyqa/cryptsetup-2fa/
> * License         : BSD-2
>   Programming Lang: SHELL
>   Description     : 2FA plugin for cryptsetup
> 
> 2 methods are supported for 2FA:
>   - Yubikey Challenge
>   - TPM2 Keypair
> PIN-less is also supported, if the PINs are present in
> /etc/cryptsetup/2fa.conf.
> 
> Since I am not an expert in security and encryption:
> CODE Review is requested here, too.

Is there any reason to not just use systemd-cryptenroll?
It seems to be a more featureful implementation and also doesn't
require storing PINs in plain text in configuration files like
/etc/cryptsetup/2fa/2fa.conf as the README instructs users to do here.
Nor does it store plain text credentials in /var/cache.

Ansgar

PS: I also don't understand why cryptsetup-2fa-enroll(1) references
privacyIDEA.

