On mar., 2014-06-17 at 20:11 +0200, Arno Wagner wrote: > But you should know than an RSA token does not provide any secret > when used to authenticate. It proves that it knows a secret, but > that secret is not transferred. Hence an RSA token is not suitable > for use with disk encryption. Well, if the hardware device is able to decrypt something (like a pkcs11 token or an OpenPGP smartcard, for example), it's at least possible to store an encrypted keyfile somewhere accessible at boot, then ask the token for decryption and feed that to cryptsetup. I'm not sure if google authenticator and the RSA token you're talking about fits in that description though. Regards, -- Yves-Alexis
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
