On Wed, Oct 23, 2019 at 7:45 PM Normen Wohner <nor...@wohner.eu> wrote:
>
> To enable two factor encryption?
> One passcode is in his head the other on a key.
> If either is missing the data on drive is unreadable.
> I don’t know what is hard to understand about it.
> In an ideal world you’d use the manual passcode
> to decrypt the keydisk and then the keydisk
> to decrypt the fs.
> You should also not be able to tell
> whether the keydisk was in fact encrypted,
> the bootloader should try and on failure ask
> for a passcode, not expect there to be some
> 'RSA-2048' written at the end.
> It’s hard for me to understand why nobody asked for this sooner.
>
You could just use a passphrase on the original disk to the same
effect. No sense over-complicating things.

>
> On 22.10.2019 at 23:43, Aaron Mason <simplersolut...@gmail.com> wrote:
> >
> > On Wed, Oct 23, 2019 at 5:11 AM List <l...@md5collisions.eu> wrote:
> >>
> >> I'm sorry I might have not been so clear about it. I meant a way to
> >> encrypt the actual keydisk with a passphrase.
> >>
> >> On 2019-10-18 13:34, Jan Stary wrote:
> >>>>>> On Wednesday, October 16, 2019 11:06 PM, List <l...@md5collisions.eu>
> >>>>>> wrote:
> >>>>>>> I was wondering if there is a reason for the lack of keydisk
> >>>>>>> encryption.
> >>> $ man bioctl
> >>> # bioctl -h -v -c C ...
> >>>
> >>
> >
> > To what end? At some point you're going to have to store the
> > passphrase somewhere it can be easily read, and all you've really
> > achieved is a way to, at best, slow down a potential attacker.
> >
> > --
> > Aaron Mason - Programmer, open source addict
> > I've taken my software vows - for beta or for worse
> >
>

(NOTE: Just realised I sent this directly to Normen rather than the
list. Sorry for the noise, Normen.)

--
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse