Mounted my first Luksbox, protected by a Yubikey.
-
@cryptax
Nice, i discover that project through your post.@FlUxIuS @Penthertz
Interesting project, i will try i soon.Thank you to both of you
-
Mounted my first Luksbox, protected by a Yubikey. Works very well.
Compared to Gocryptfs: you have support for FIDO2 keys.
Compared to veracrypt and truecrypt, the big advantage is you don't have to reserve x Gb for the encrypted partition.
#luks #encrypted #partition #volume #fido #crypt #file #linux
@cryptax There are machine learning algos that can unscramble this type of masking. I'd recommend using a full black box to cover it if this is actually important.
-
@cryptax There are machine learning algos that can unscramble this type of masking. I'd recommend using a full black box to cover it if this is actually important.
@return0media @cryptax the info is actually public, first is the Argonid params and second is the credid used by the fido2 device and can be regenerated. Even with credid and salt you will need the fido2 key at the end to attempt something. If you have it you'll need the pin/passphrase to authenticate
-
@return0media @cryptax the info is actually public, first is the Argonid params and second is the credid used by the fido2 device and can be regenerated. Even with credid and salt you will need the fido2 key at the end to attempt something. If you have it you'll need the pin/passphrase to authenticate
@Penthertz @return0media yes, you are right, but as @Penthertz replied, actually it's public info, I just didn't see the use of sharing it. It does not show the passphrase or the key or anything sensitive.
So feel free to break it if you wish
-
@return0media @cryptax the info is actually public, first is the Argonid params and second is the credid used by the fido2 device and can be regenerated. Even with credid and salt you will need the fido2 key at the end to attempt something. If you have it you'll need the pin/passphrase to authenticate
@Penthertz Ahhh very cool. Thanks for explaining it to me!
-
@Penthertz @gzobra @FlUxIuS I'm using it to
1) to store particularly sensitive files I don't need all the time. I suppose that's the most common use.
2) + to store malware: I mount the luksbox only when I'm working on them. It's an additional precaution.
-
@cryptax There are machine learning algos that can unscramble this type of masking. I'd recommend using a full black box to cover it if this is actually important.
@return0media by the way, I'm actually not certain the machine learning algos can recover the initial text when the pixel size is big enough.
But yes, I could have used a full black box instead.
-
@Penthertz @gzobra @FlUxIuS I'm using it to
1) to store particularly sensitive files I don't need all the time. I suppose that's the most common use.
2) + to store malware: I mount the luksbox only when I'm working on them. It's an additional precaution.
@cryptax @Penthertz @gzobra yeah and also reserving slots to other users, so you don't leak your own passphrases and you can revoke the pass if the vault is still safe but someone's key got phished. You have also paranoid mode : PQC + FIDO2+ TPM&PIN + deniable mode -> but that's a really specific mode
-
@cryptax @Penthertz @gzobra yeah and also reserving slots to other users, so you don't leak your own passphrases and you can revoke the pass if the vault is still safe but someone's key got phished. You have also paranoid mode : PQC + FIDO2+ TPM&PIN + deniable mode -> but that's a really specific mode
@FlUxIuS @Penthertz @gzobra oh ? you can share a vault with several users? that's really interesting!
-
@FlUxIuS @Penthertz @gzobra oh ? you can share a vault with several users? that's really interesting!
@cryptax @Penthertz @gzobra that's the double concept of slots
you can use them as backup or alternative key, but also to use a different key per user and the user can then update it's key. We could see your slots on the TUI, on the GUI it looks like that:
