On 2016-11-12 12:07, Eric wrote:
> Is there any way to use a YubiKey for Anti-Evil-Maid, instead of just a
> regular USB flash drive?

AFAIK, yes, but I haven't personally tried it, since I don't own a YubiKey.

> I imagine (though I will be the first to say that I don't know), that the
> firmware on it is much less resistant to compromise/BadUSB attacks, and since
> it crypto something something, it seems a natural fit.
>

There are, indeed, security considerations regarding the choice of medium for
an AEM drive. Take a look at this issue:

https://github.com/QubesOS/qubes-issues/issues/1980

And this associated discussion thread:

https://groups.google.com/d/topic/qubes-users/I5clx1E-S9M/discussion

> Of course, I haven't seen the code for AEM,

Why "of course"? The source code is freely available for all to see:

https://github.com/QubesOS/qubes-antievilmaid

> and I know that it's a program instead of just a keyfile. Is there any
> possibility of two factor authentication for anti-evil-maid? IE, passphrase
> and a YubiKey?
>

Well, there's been some work done on using a YubiKey as a second factor for
logging in to Qubes, but it's for the lock screen, not for AEM:

https://www.qubes-os.org/doc/yubi-key/

I'm not sure if it'd be possible to do with AEM, since that prompt is so early
in the boot process.

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org