Date: Sun, 9 Jan 2022 17:12:33 +0000
From: Steve O'Hara-Smith <steve@sohara.org>
To: Valeri Galtsev <galtsev@kicp.uchicago.edu>
Cc: questions@freebsd.org
Subject: Re: entering geli passphrase only once at FreeBSD boot
Message-ID: <20220109171233.5ce74616e93058d49e19c177@sohara.org>
In-Reply-To: <747271fd-3276-b2ef-dd8c-b18c1fff2f10@kicp.uchicago.edu>
References: <CAKkGsYKyPt5OfYVH5L=83yqzeHvkyMaU6oZH_0WzRFrWRKsXSw@mail.gmail.com>
 <20220109102339.45932ef6cf6f42daa3a1871d@sohara.org>
 <CAOgwaMshquXn8NbotqPQNp22_wVw_aSiG476%2BYVNuTKMPB7eDQ@mail.gmail.com>
 <20220109145048.141b35831e07ad9fa8a73c66@sohara.org>
 <f84b37a9-eba2-8307-40bd-4c9a7700abf0@kicp.uchicago.edu>
 <20220109153523.5cdc554507c5d9966f4eb28e@sohara.org>
 <747271fd-3276-b2ef-dd8c-b18c1fff2f10@kicp.uchicago.edu>

On Sun, 9 Jan 2022 11:28:36 -0500
Valeri Galtsev <galtsev@kicp.uchicago.edu> wrote:

> On 1/9/22 10:35 AM, Steve O'Hara-Smith wrote:
> > On Sun, 9 Jan 2022 10:20:59 -0500
> > Valeri Galtsev <galtsev@kicp.uchicago.edu> wrote:
> >
> >> If RFID chip is involved, part of "hiding" [secret] is to keep card
> >> with RFID chip inside shielding sleeve. Or the guy with RF scanner
> >> standing next to will easily read it.
> >
> > QR code and camera, typed password and shoulder surfer,
> > fingerprint and wine glass ... same problem different spaces, the
> > standard solutions are OTP and challenge/response neither of which is
> > an option for geli passphrases unfortunately which leaves only "be
> > careful".
> >
>
> I for one stay away from any "biometric" ways of authentication. I do
> not want any part of my body "borrowed" from me for such authentication

Yeah, these people who embed RFID chips in their hands are just
asking for amateur surgery.

> ;-) But seriously: how secret is your fingerprint? We leave them

Not even slightly, it's a bit like the old bike locks that could be
opened by any key including a screwdriver - security theatre.

> everywhere. Or laptop magically unlocks thanks to face recognition, - I
> don't even want to start rant about that (still: whose brain dead idea
> is that!?)

It would help if it required the face to be moving - a bit.

The one that gets me is the dialogue that pops up on some sites
*after* authentication with my name in it and a request to confirm that I
am indeed the person named.

> These days with 2 factor authentication enforced widely we became
> hostages of our cell phones ;-( Imagine you forgot it at home and need
> to authenticate. Or the device just died.

Yep, but the old RSA keyfobs had the same problems.

-- 
Steve O'Hara-Smith
Odds and Ends at http://www.sohara.org/