From nobody Sun Jan  9 15:35:23 2022
X-Original-To: questions@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id B27881946986
	for <questions@mlmmj.nyi.freebsd.org>; Sun,  9 Jan 2022 15:35:30 +0000 (UTC)
	(envelope-from 4250.82.1d4d80000b1f23b.b37250af9ade52c00fd007cbd8cf4883@email-od.com)
Received: from s1-b0c6.socketlabs.email-od.com (s1-b0c6.socketlabs.email-od.com [142.0.176.198])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4JX1Hk4NM9z4VJK
	for <questions@freebsd.org>; Sun,  9 Jan 2022 15:35:30 +0000 (UTC)
	(envelope-from 4250.82.1d4d80000b1f23b.b37250af9ade52c00fd007cbd8cf4883@email-od.com)
DKIM-Signature: v=1; a=rsa-sha256; d=email-od.com;i=@email-od.com;s=dkim;
	c=relaxed/relaxed; q=dns/txt; t=1641742531; x=1644334531;
	h=content-transfer-encoding:content-type:mime-version:references:in-reply-to:message-id:subject:cc:to:from:date:x-thread-info;
	bh=pFgar9qxMw4N7RqqJUTcCn2gvGtzQBFhpJxLhvzYkwk=;
	b=jrMqszDoNNwGeKAHRPPRom/qhnTxgsWL5DGnnb8qp25/xh0ItBEad4Kc+jeb8P1A7JcT9SMSPqAEgK/vTX6eikkx4FsPaGWBUjRuwMcDOUVmKhl3LjhtEoTy8Olo6jQOjRX74XPfA0TY3qi0o4ItwKwe7UiTG85HTgPLTyU833E=
X-Thread-Info: NDI1MC4xMi4xZDRkODAwMDBiMWYyM2IucXVlc3Rpb25zPWZyZWVic2Qub3Jn
Received: from r3.sg.in.socketlabs.com (r3.sg.in.socketlabs.com [142.0.179.13]) by mxsg2.email-od.com
	with ESMTP; Sun, 9 Jan 2022 10:35:25 -0500
Received: from smtp.lan.sohara.org (EMTPY [185.202.17.215]) by r3.sg.in.socketlabs.com
	with ESMTP(version=Tls12 cipher=Aes256 bits=256); Sun, 9 Jan 2022 10:35:25 -0500
Received: from [192.168.63.1] (helo=steve.lan.sohara.org)
	by smtp.lan.sohara.org with smtp (Exim 4.94.2 (FreeBSD))
	(envelope-from <steve@sohara.org>)
	id 1n6aE7-000MK6-Ao; Sun, 09 Jan 2022 15:35:23 +0000
Date: Sun, 9 Jan 2022 15:35:23 +0000
From: Steve O'Hara-Smith <steve@sohara.org>
To: Valeri Galtsev <galtsev@kicp.uchicago.edu>
Cc: questions@freebsd.org
Subject: Re: entering geli passphrase only once at FreeBSD boot
Message-Id: <20220109153523.5cdc554507c5d9966f4eb28e@sohara.org>
In-Reply-To: <f84b37a9-eba2-8307-40bd-4c9a7700abf0@kicp.uchicago.edu>
References: <CAKkGsYKyPt5OfYVH5L=83yqzeHvkyMaU6oZH_0WzRFrWRKsXSw@mail.gmail.com>
	<20220109102339.45932ef6cf6f42daa3a1871d@sohara.org>
	<CAOgwaMshquXn8NbotqPQNp22_wVw_aSiG476+YVNuTKMPB7eDQ@mail.gmail.com>
	<20220109145048.141b35831e07ad9fa8a73c66@sohara.org>
	<f84b37a9-eba2-8307-40bd-4c9a7700abf0@kicp.uchicago.edu>
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd13.0)
X-Clacks-Overhead: "GNU Terry Pratchett"
List-Id: User questions <freebsd-questions.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-questions
List-Help: <mailto:questions+help@freebsd.org>
List-Post: <mailto:questions@freebsd.org>
List-Subscribe: <mailto:questions+subscribe@freebsd.org>
List-Unsubscribe: <mailto:questions+unsubscribe@freebsd.org>
Sender: owner-freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Rspamd-Queue-Id: 4JX1Hk4NM9z4VJK
X-Spamd-Bar: ----
Authentication-Results: mx1.freebsd.org;
	none
X-Spamd-Result: default: False [-4.00 / 15.00];
	 REPLY(-4.00)[]
X-ThisMailContainsUnwantedMimeParts: N

On Sun, 9 Jan 2022 10:20:59 -0500
Valeri Galtsev <galtsev@kicp.uchicago.edu> wrote:

> If RFID chip is involved, part of "hiding" [secret] is to keep card with 
> RFID chip inside shielding sleeve. Or the guy with RF scanner standing 
> next to will easily read it.


	QR code and camera, typed password and shoulder surfer, fingerprint
and wine glass ... same problem different spaces, the standard solutions
are OTP and challenge/response neither of which is an option for geli
passphrases unfortunately which leaves only "be careful".

> PS My wallet has RF shielding foil inserts ;-)

	Mine too.

-- 
Steve O'Hara-Smith <steve@sohara.org>