Re: [qubes-users] Re: Yubikey in Challenge Response mode in Qubes 3.2

['Tom Zander' via qubes-users]

On Monday, 27 November 2017 06:30:48 CET Yuraeitha wrote:
> I wonder how such misunderstandings, or false interpretations, can be
> avoided among the people, like me, who are learning about Qubes (and
> Linux in general). But that's something for another time and topic, but
> an interesting one nonetheless.

Personally I’d say that the majority of this problem comes from the mis-
design that VMs like debian and even fedora are maintained by DNF/yum.
To do a system upgrade by downloading a new RPM makes no sense as that 
completely destroys all changes made in the template. For instance new 
software that was installed.

If qubes were to disconnect the idea that an RPM of several hundred MBs is 
the way to download/install/upgrade a VM, it would become much easier to 
understand.

Maybe in Qubes 5 :)
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1727044.u3lbsDOL5E%40strawberry.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Yubikey in Challenge Response mode in Qubes 3.2

[Yuraeitha]

On Sunday, November 26, 2017 at 10:04:29 PM UTC, rob_66 wrote:
> Hi.
> 
> Can anybody confirm, set-up(s) described in the links below – thanks,
> mig5 ! – still work today, in completely updated Qubes 3.2, Yubikey Neo,
> usbVM Fedora 25?
> 
> I'm not interested in locking me out of the system. ;)
> 
> ( https://mig5.net/content/yubikey-challenge-response-mode-qubes )
> https://mig5.net/content/yubikey-2fa-qubes-redux-adding-backup-key
> 
> Cheers, thanks,
> 
> Rob

I believe to remember it mentioned somewhere that the hardware key is an 
additional login measure, so that you can use both password and a hardware key, 
interchangeably. Then you can make the password really long and complex, and 
keep it in a safe place. Then use your hardware key while on the go. (For 
example). For as long as both the password and the hardware key has good 
entropy and long, then it should be hard to crack open.

Whether this is correct or not, I do not have the time right now to check it, 
as I'm on my way out of the door. But maybe you can try search for this. 

Also maybe run a backup before you try anything too, so you got extra 
redundancy before trying this out.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4e286746-956f-44df-a3d6-b2e78d45a233%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.