it's a stupid mess. People don't deal with it.

It would be nice if there was a specification, other than a shitty vulnerable 
USB, that would allow the plugging in of a key that stored a GPG private key. 
That way even your grandma could automagically sign an authentication token. 
Such a key-fob would have its own hardware - to receive requests and possibly 
basic PIN authentication; or even fingerprint - if it was completely isolated 
(as in never leaves the device); the authentication module would be on the 
device itself and not through the OS. The idea is that the device itself 
functions like a removable TPM chip.

Although I personally don't trust hardware that stores fingerprint data - it is 
feasible for this method to be implemented rather securely and openly (as in 
libre).

In the meantime, I intend soon to make a Firefox addon or plugin that stores a 
salt and domain in the Firefox Sync database. Combine that with a standard 
manually inputted password to create an HMAC, which can then be encoded with 
ASCII values from a lookup table. The result would be a completely random 
password for every domain. To change the generated pass you would change the 
salt. The salt is stored in Firefox Sync but your password is not.

I won't get to implement this until I finish UNI in a couple of years. Until 
then I'm stuck with what I have.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/59e98d09-b25f-45d8-80ab-5eed6a448d72%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
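
The password derivation described in the message above, as an added example that is not part of the original post or of any existing add-on. The names `derivePassword`, `TABLE` and `SAMPLE`, the 94-character table, the message layout fed to the HMAC and the use of Node.js `crypto` instead of a browser add-on API are all assumptions.

```javascript
// Added example: per-domain password = lookup-table encoding of
// HMAC-SHA256(key = master password, message = domain + salt).
const { createHmac } = require('node:crypto');

// Lookup table (assumed): the 94 printable ASCII characters '!' (0x21) to '~' (0x7e).
const TABLE = Array.from({ length: 94 }, (_, i) => String.fromCharCode(0x21 + i));

// 256 is not a multiple of 94, so `byte % 94` alone would favour the first
// 68 characters. Bytes at or above LIMIT (188) are discarded instead.
const LIMIT = 256 - (256 % TABLE.length);

function derivePassword(master, domain, salt, length = 20) {
  if (!master || !domain || !salt) {
    throw new Error('master, domain and salt are required');
  }
  const site = domain.trim().toLowerCase(); // "Example.org" and "example.org" match
  let out = '';
  // One HMAC yields 32 bytes; a counter produces further blocks when rejection
  // sampling or a long password needs more.
  for (let counter = 0; out.length < length; counter++) {
    // Length-prefix the domain so ("ab", "c") and ("a", "bc") cannot collide.
    const mac = createHmac('sha256', master)
      .update(`${counter}:${site.length}:${site}:${salt}`, 'utf8')
      .digest();
    for (const byte of mac) {
      if (byte >= LIMIT) continue;          // rejected: would bias the output
      out += TABLE[byte % TABLE.length];
      if (out.length === length) break;
    }
  }
  return out;
}

// Constructed sample values, for illustration only.
const SAMPLE = {
  master: 'correct horse battery staple',
  domain: 'example.org',
  salt: 'c2FsdC0x',
};

// Only the salt and domain would be synced; the master password is typed each time.
console.log(derivePassword(SAMPLE.master, SAMPLE.domain, SAMPLE.salt));
```

Because a single HMAC is fast to compute, anyone who obtains one generated password together with its salt can test master-password guesses offline; stretching the master password with PBKDF2 or scrypt before the HMAC raises that cost.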
