From: Valeri Galtsev
Date: Sun, 9 Jan 2022 11:28:36 -0500
Subject: Re: entering geli passphrase only once at FreeBSD boot
To: Steve O'Hara-Smith
Cc: questions@freebsd.org

On 1/9/22 10:35 AM, Steve O'Hara-Smith wrote:
> On Sun, 9 Jan 2022 10:20:59 -0500
> Valeri Galtsev wrote:
>
>> If RFID chip is involved, part of "hiding" [secret] is to keep card with
>> RFID chip inside shielding sleeve. Or the guy with RF scanner standing
>> next to will easily read it.
>
>
> QR code and camera, typed password and shoulder surfer, fingerprint
> and wine glass ... same problem different spaces, the standard solutions
> are OTP and challenge/response neither of which is an option for geli
> passphrases unfortunately which leaves only "be careful".
>

I for one stay away from any "biometric" ways of authentication. I do not want any part of my body "borrowed" from me for such authentication ;-)

But seriously: how secret is your fingerprint? We leave them everywhere. Or laptop magically unlocks thanks to face recognition, - I don't even want to start rant about that (still: whose brain dead idea is that!?)

These days with 2 factor authentication enforced widely we became hostages of our cell phones ;-( Imagine you forgot it at home and need to authenticate. Or the device just died.

I feel I'm hijacking the thread for my rants...

Valeri

>> PS My wallet has RF shielding foil inserts ;-)
>
> Mine too.
>

--
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++