Date:      Sun, 9 Jan 2022 20:20:47 +0300
From:      Mehmet Erol Sanliturk <m.e.sanliturk@gmail.com>
To:        Valeri Galtsev <galtsev@kicp.uchicago.edu>
Cc:        "Steve O'Hara-Smith" <steve@sohara.org>, questions@freebsd.org
Subject:   Re: entering geli passphrase only once at FreeBSD boot
Message-ID:  <CAOgwaMsTQKdxz2Ry5mWe_TL0e30vrLK4h4vHx4nHbnkudewLLA@mail.gmail.com>
In-Reply-To: <747271fd-3276-b2ef-dd8c-b18c1fff2f10@kicp.uchicago.edu>
References:  <CAKkGsYKyPt5OfYVH5L=83yqzeHvkyMaU6oZH_0WzRFrWRKsXSw@mail.gmail.com> <20220109102339.45932ef6cf6f42daa3a1871d@sohara.org> <CAOgwaMshquXn8NbotqPQNp22_wVw_aSiG476%2BYVNuTKMPB7eDQ@mail.gmail.com> <20220109145048.141b35831e07ad9fa8a73c66@sohara.org> <f84b37a9-eba2-8307-40bd-4c9a7700abf0@kicp.uchicago.edu> <20220109153523.5cdc554507c5d9966f4eb28e@sohara.org> <747271fd-3276-b2ef-dd8c-b18c1fff2f10@kicp.uchicago.edu>

On Sun, Jan 9, 2022 at 7:29 PM Valeri Galtsev <galtsev@kicp.uchicago.edu>
wrote:

>
>
> On 1/9/22 10:35 AM, Steve O'Hara-Smith wrote:
> > On Sun, 9 Jan 2022 10:20:59 -0500
> > Valeri Galtsev <galtsev@kicp.uchicago.edu> wrote:
> >
> >> If RFID chip is involved, part of "hiding" [secret] is to keep card with
> >> RFID chip inside shielding sleeve. Or the guy with RF scanner standing
> >> next to will easily read it.
> >
> >
> >       QR code and camera, typed password and shoulder surfer, fingerprint
> > and wine glass ... same problem different spaces, the standard solutions
> > are OTP and challenge/response neither of which is an option for geli
> > passphrases unfortunately which leaves only "be careful".
> >
>
> I for one stay away from any "biometric" ways of authentication. I do
> not want any part of my body "borrowed" from me for such authentication
> ;-) But seriously: how secret is your fingerprint? We leave them
> everywhere. Or laptop magically unlocks thanks to face recognition, - I
> don't even want to start rant about that (still: whose brain dead idea
> is that!?)
>
> These days with 2 factor authentication enforced widely we became
> hostages of our cell phones ;-( Imagine you forgot it at home and need
> to authenticate. Or the device just died.
>
> I feel I'm hijacking the thread for my rants...
>
> Valeri
>
>

When information security is the subject, these are not "rants".
With the "ADVANCEMENT" of technology, our lives are driven into
a dangerous state.

Many years ago in Turkey (I do not know the situation in other countries)
it was said that "if we store passwords in chips in bank or credit cards,
verification of the validity of the passwords will be "MORE" secure,
because readers of these chips cost around US $ 2 000 000 (two million),
which is beyond the buying capacity of criminals".

They did not consider the possibility of BIG criminals "RENTING" these
devices to SMALL criminals.

And many more "SECURE" methods, such as taking payments from bank or
credit cards by remote sensing even if they are not inserted into
readers ...

They did not consider the possibility of some CRIMINALs hiding a device
in a bag and collecting money while people were walking on the streets
or riding public transportation vehicles.

etc.
etc.

Please continue to enumerate the disastrous decisions to make the lives
of people more secure ...


Many times I am not able to prevent myself from asking myself the
following question:

Were these very "HOLY" security measures designed by
CRIMINALS or IGNORANTS (both of which are the same)?


Mehmet Erol Sanliturk



> >> PS My wallet has RF shielding foil inserts ;-)
> >
> >       Mine too.
> >
>
> --
> ++++++++++++++++++++++++++++++++++++++++
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> ++++++++++++++++++++++++++++++++++++++++
>
>
