From nobody Sun Jan  9 18:18:23 2022
X-Original-To: questions@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id AD509194A5E8
	for <questions@mlmmj.nyi.freebsd.org>; Sun,  9 Jan 2022 18:19:01 +0000 (UTC)
	(envelope-from kudzu@tenebras.com)
Received: from mail-lf1-x129.google.com (mail-lf1-x129.google.com [IPv6:2a00:1450:4864:20::129])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4JX4wN6sHqz3FyH
	for <questions@freebsd.org>; Sun,  9 Jan 2022 18:19:00 +0000 (UTC)
	(envelope-from kudzu@tenebras.com)
Received: by mail-lf1-x129.google.com with SMTP id i31so36419303lfv.10
        for <questions@freebsd.org>; Sun, 09 Jan 2022 10:19:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=tenebras-com.20210112.gappssmtp.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
        bh=kDO5VmVcme4q7Wb6bBQGtvBvdtHroSEbAvSV/PL0BM4=;
        b=2xpU1+K8pv0Ujdmsf3AVPWtxypWNt1s4dzze1CTbQOYWlTt+tEjseoGKPpz37eQcyy
         UDrU4YvEKGT4dLbayjb7JXtnXKGzc0BYOMo4fVpAKS/MDeBfrn4NceL4uED/aDfikWBI
         Bexff8hCfUTidMfQxMfiThWT+WYLxf4sxCmkagca74VNWKGnICRldmRXnOz6tx6FP1pX
         XMoVNLovzAWpSzaaWVdb3fwvdEo/sS2Qo5vKNwZg/mtvg8bExzA92sy9Gt6LPMpt1+GQ
         Vzo7MNqsyfoc5m8WkM589fV1EvBfq7N87HVl/pvH3BHBOtxFlKw/J8CZVeNSBzO5+NJt
         KJyg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to;
        bh=kDO5VmVcme4q7Wb6bBQGtvBvdtHroSEbAvSV/PL0BM4=;
        b=lTCxOZJLV1kef9/KNo2h2uqH2GMc5yxG1ifQr9rpG2uknxisZqabA6/joatUqqK+iy
         8Ia5j2t562F6zRaoOllzaWpHbU1wtlyygcefU7xcJkjtpyWoHNZ6d3Elt5pWVeaiQgtS
         NyXbDH4HelH9XudENaQIcHLZ6VYdG55GaEseIs1HC2jpbvCaYKWXrvYVuGRyXQPhjQ0L
         c0P9HiKTMjT7379Ed/jR3XeeojR92OnkyFcVo2pdiDh7QQB/seiG6P+aee4ZBN/No1Zf
         EdAvp+GWS5yYvbnxeXcWRChTLUpnIwvYjAaDvnl30zHJ/RQ1F+xmbI1vXkgtX/CTfedu
         LnJQ==
X-Gm-Message-State: AOAM530i82nAUgoxsekRwirh2IMu156wmYLmdfoFy3pzShLpayxeIqi6
	E273d1VYV3BzaWqvgkc1Xxq+Mlj1xAfBUq5yHe6eJWEW+Yw=
X-Google-Smtp-Source: ABdhPJx0LUoDPyrZA7JsL4vYfqFtAftJMdCuJueu5AaEBhVSgKbQVqu/19gSoAelWZnudJm4i52troBx3g4ySyJKJZA=
X-Received: by 2002:a05:6512:2626:: with SMTP id bt38mr63011280lfb.255.1641752339376;
 Sun, 09 Jan 2022 10:18:59 -0800 (PST)
List-Id: User questions <freebsd-questions.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-questions
List-Help: <mailto:questions+help@freebsd.org>
List-Post: <mailto:questions@freebsd.org>
List-Subscribe: <mailto:questions+subscribe@freebsd.org>
List-Unsubscribe: <mailto:questions+unsubscribe@freebsd.org>
Sender: owner-freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
MIME-Version: 1.0
References: <CAKkGsYKyPt5OfYVH5L=83yqzeHvkyMaU6oZH_0WzRFrWRKsXSw@mail.gmail.com>
 <20220109102339.45932ef6cf6f42daa3a1871d@sohara.org> <CAOgwaMshquXn8NbotqPQNp22_wVw_aSiG476+YVNuTKMPB7eDQ@mail.gmail.com>
 <20220109145048.141b35831e07ad9fa8a73c66@sohara.org> <f84b37a9-eba2-8307-40bd-4c9a7700abf0@kicp.uchicago.edu>
 <20220109153523.5cdc554507c5d9966f4eb28e@sohara.org> <747271fd-3276-b2ef-dd8c-b18c1fff2f10@kicp.uchicago.edu>
 <20220109191504.216d7f40@archlinux>
In-Reply-To: <20220109191504.216d7f40@archlinux>
From: Michael Sierchio <kudzu@tenebras.com>
Date: Sun, 9 Jan 2022 10:18:23 -0800
Message-ID: <CAHu1Y733-y_fMdi+2S2xYn4vu3H2Qeu-cPq1sefMKNUAKhLZJg@mail.gmail.com>
Subject: Re: entering geli passphrase only once at FreeBSD boot
To: "questions@FreeBSD.org" <questions@freebsd.org>
Content-Type: multipart/alternative; boundary="000000000000ff826205d52a4028"
X-Rspamd-Queue-Id: 4JX4wN6sHqz3FyH
X-Spamd-Bar: /
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=tenebras-com.20210112.gappssmtp.com header.s=20210112 header.b=2xpU1+K8;
	dmarc=none;
	spf=none (mx1.freebsd.org: domain of kudzu@tenebras.com has no SPF policy when checking 2a00:1450:4864:20::129) smtp.mailfrom=kudzu@tenebras.com
X-Spamd-Result: default: False [0.94 / 15.00];
	 ARC_NA(0.00)[];
	 R_DKIM_ALLOW(-0.20)[tenebras-com.20210112.gappssmtp.com:s=20210112];
	 FROM_HAS_DN(0.00)[];
	 TO_MATCH_ENVRCPT_ALL(0.00)[];
	 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
	 PREVIOUSLY_DELIVERED(0.00)[questions@freebsd.org];
	 DMARC_NA(0.00)[tenebras.com];
	 NEURAL_SPAM_MEDIUM(1.00)[1.000];
	 RCPT_COUNT_ONE(0.00)[1];
	 DKIM_TRACE(0.00)[tenebras-com.20210112.gappssmtp.com:+];
	 NEURAL_SPAM_LONG(1.00)[0.998];
	 RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::129:from];
	 NEURAL_HAM_SHORT(-0.76)[-0.758];
	 TO_DN_EQ_ADDR_ALL(0.00)[];
	 R_SPF_NA(0.00)[no SPF record];
	 FROM_EQ_ENVFROM(0.00)[];
	 MIME_TRACE(0.00)[0:+,1:+,2:~];
	 ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US];
	 RCVD_COUNT_TWO(0.00)[2];
	 RCVD_TLS_ALL(0.00)[]
X-ThisMailContainsUnwantedMimeParts: N

--000000000000ff826205d52a4028
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Sun, Jan 9, 2022 at 10:15 AM Ralf Mardorf <ralf-mardorf@riseup.net>
wrote:

> From conviction I don't own a smartphone and my iPad's aren't equipped
> with the "Cellular" thingy. However, Apple 2 factor authentication
> works by WiFi, too and some companies call me by landline to sent a
> speech SMS. To make an appointment to get an influenza virus
> vaccination I needed the help of a friend with a smartphone, since the
> doctor required a confirmation code send to me (the friend) by text
> SMS. Sometimes I'm screwed without a smartphone, but smartphone
> addicted people (and almost all owners are addicted) are probably
> screwed all the times, because the human brain needs time focus and
> time pause without smartphone disturbances.
>
>
Apple MFA is more than 2FA =E2=80=93 it shows the presumed geolocation of t=
he
request, and asks if it's you.  There are other things behind the scenes.
Obviously SMS is the worst, especially in the US or some other place where
it is fairly trivial to SIM swap a target.

--000000000000ff826205d52a4028
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote">=
<div dir=3D"ltr" class=3D"gmail_attr">On Sun, Jan 9, 2022 at 10:15 AM Ralf =
Mardorf &lt;<a href=3D"mailto:ralf-mardorf@riseup.net">ralf-mardorf@riseup.=
net</a>&gt; wrote:</div><blockquote class=3D"gmail_quote" style=3D"margin:0=
px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
>From conviction I don&#39;t own a smartphone and my iPad&#39;s aren&#39;t e=
quipped<br>
with the &quot;Cellular&quot; thingy. However, Apple 2 factor authenticatio=
n<br>
works by WiFi, too and some companies call me by landline to sent a<br>
speech SMS. To make an appointment to get an influenza virus<br>
vaccination I needed the help of a friend with a smartphone, since the<br>
doctor required a confirmation code send to me (the friend) by text<br>
SMS. Sometimes I&#39;m screwed without a smartphone, but smartphone<br>
addicted people (and almost all owners are addicted) are probably<br>
screwed all the times, because the human brain needs time focus and<br>
time pause without smartphone disturbances.<br>
<br>
</blockquote><div><br></div><div>Apple MFA is more than 2FA =E2=80=93 it sh=
ows the presumed geolocation of the request, and asks if it&#39;s you.=C2=
=A0 There are other things behind the scenes.=C2=A0 Obviously SMS is the wo=
rst, especially in the US or some other place where it is fairly trivial to=
 SIM swap a target.</div><div>=C2=A0</div></div></div>

--000000000000ff826205d52a4028--