
Re: [PATCH] Enable partman-crypto to work with keys on removable devices



Hi David,

On Tue, May 13, 2008 at 08:02:28PM +0200, David Härdeman wrote:
> after a long hiatus I decided to do some d-i hacking again.

Good to see you back.

...

> My d-i knowledge is rusty so a review of the patch would be much 
> appreciated. (I've also been out of the loop wrt. d-i development, 
> deadlines for the next release, etc...so I have no idea how suitable 
> this patch is right now in the bigger picture)

Unfortunately I'm swamped with $JOB right now - I will
find time for review on Thursday, hopefully.

Just a thought on quick reading:

> I'm also planning to use some of the infrastructure of the patch to add 
> support for two-factor keys (ask a passphrase, hash it, get a keyfile 
> from usb stick, xor the two together, use that as the key) and 
> smartcards (I've already ordered the hardware, dunno when I'll get it).

That's great.

If we plan to add second factors do you reckon we should 
still support non-wrapped plain keys?

I worry a bit that the security implications of plain keys 
will be difficult to convey to users inside the partman UI, 
and so they might get a wrong sense of security.

  "Plain keys on removable device" 
     -> Decrypt by access to the device

  "Passphrase"
     -> Decrypt by access to your head

  "GnuPG keyfiles"
     -> Decrypt by access to your head, plus file

  "GnuPG keyfile on removable device"
     -> Decrypt by access to your head, plus file on device

   etc.

Will the user instinctively grasp the implications correctly?

If not, perhaps we should 

  a) not offer plain keys at all?

  b) offer plain keys only to be stored on encrypted devices?

  c) name it "Plain key on removable device
     (DONOTUSEUNLESSYOUKNOWWHATYOUAREDOING!)" or something? ;-)

Just a thought.

	Max
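
The two-factor scheme quoted above (hash the passphrase, XOR it with the keyfile from the stick) next to the plain-key case, as an added example that is not code from the patch or from partman-crypto. SHA-256, the 32-byte key length and all function names are assumptions; the mail names no hash.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # assumed: 256-bit volume key, same size as a SHA-256 digest


def plain_key(keyfile: bytes) -> bytes:
    """'Plain key on removable device': the file content is the key itself."""
    return keyfile


def two_factor_key(passphrase: str, keyfile: bytes) -> bytes:
    """Hash the passphrase, XOR it with the keyfile, use the result as the key."""
    if len(keyfile) != KEY_LEN:
        # A shorter file would leave part of the key covered by one factor only.
        raise ValueError(f"keyfile must be exactly {KEY_LEN} bytes")
    # Assumption: one unsalted SHA-256. It is fast to compute, so a weak
    # passphrase adds little once the stick is in someone else's hands.
    digest = hashlib.sha256(passphrase.encode("utf-8")).digest()
    return bytes(a ^ b for a, b in zip(digest, keyfile))


def make_keyfile(passphrase: str, volume_key: bytes) -> bytes:
    """Setup side: the file to write to the stick for a chosen volume key."""
    return two_factor_key(passphrase, volume_key)  # XOR is its own inverse


def stick_alone_unlocks(scheme: str, keyfile: bytes, volume_key: bytes) -> bool:
    """Can someone holding only the removable device produce the volume key?"""
    if scheme not in ("plain", "two-factor"):
        raise ValueError("unknown scheme")
    # In both schemes the only material on the stick is the raw file.
    candidate = plain_key(keyfile)
    return hmac.compare_digest(candidate, volume_key)


if __name__ == "__main__":
    volume_key = secrets.token_bytes(KEY_LEN)      # constructed sample key
    passphrase = "constructed example passphrase"  # constructed sample input
    stick_file = make_keyfile(passphrase, volume_key)
    print("plain key, stick only:     ", stick_alone_unlocks("plain", volume_key, volume_key))
    print("two-factor, stick only:    ", stick_alone_unlocks("two-factor", stick_file, volume_key))
    print("two-factor, stick + phrase:", two_factor_key(passphrase, stick_file) == volume_key)
```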

