Am I reading [1] directly in that the FIDO2 is intended to be as 1FA? If so, would you be open to a feature request on GitHub which adds a password into the mix? This is currently possible using eg: fido2luks [2]. Note that fido2luks uses the password twice [3], before and after the FIDO2 operation, which I assume is to deter side-channel attacks (USB sniffing). Christian [1] https://www.freedesktop.org/software/systemd/man/crypttab.html [2] https://github.com/shimunn/fido2luks [3] https://github.com/shimunn/fido2luks/#theory-of-operation _______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel
systemd-crypttab: FIDO2 and passwords
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: systemd-crypttab: FIDO2 and passwords
- From: Christian Kastner <ckk@xxxxxxxxxx>
- Date: Sun, 7 Mar 2021 19:24:30 +0100
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.0
- Follow-Ups:
- Re: systemd-crypttab: FIDO2 and passwords
- From: Lennart Poettering
- Re: systemd-crypttab: FIDO2 and passwords
- Prev by Date: Prefix Delegation, laking options in request.
- Next by Date: Re: systemd-crypttab: FIDO2 and passwords
- Previous by thread: Prefix Delegation, laking options in request.
- Next by thread: Re: systemd-crypttab: FIDO2 and passwords
- Index(es):
 |