From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Thu, 15 Apr 2010 14:04:38 -0400
From: "Vladimir Giszpenc"
Subject: Re: [dm-crypt] avoid keyloggers: enter password with mouse(virtual keyboard)
To: Richard Zidlicky, Arno Wagner
Cc: dm-crypt@saout.de

> On Thu, Apr 15, 2010 at 01:30:54AM +0200, Arno Wagner wrote:
> > On Wed, Apr 14, 2010 at 08:42:58PM +0200, Olivier Sessink wrote:
> > > Arno Wagner wrote:
> > >
> > >
> > Well, while I do not really think the virtual keyboard will help
> > to a larger degree, it may still raise security a bit.
>
> what would help a little bit more in this scenario is getting the password
> from a smartcard with a nice fully encrypted challenge response protocol.
>
> Richard

Some smart cards can't store passwords, but... Using a smart card with a private key to decrypt and using the public key to encrypt instead of a password would go a long way to making LUKS more secure. This would allow me to encrypt a drive with someone's public key without having to share a password (or a separate key file).

Note that I am talking about encrypting the master key in a LUKS partition and not the whole drive using dm-crypt. This would obviously require a change to the LUKS header format, but I think it would be very useful. Encrypting a key file is not the same as it requires me to either partition the (USB) drive (with the key file on a separate partition) or send it some other way.

Basically, all possible authentication/authorization mechanisms should be available. If for some reason, I want to encrypt/decrypt my drive using an iris scan, it should be possible. Passwords are weak and are only something you know. I realize that most people don't have an iris scanner on their laptop, but a bunch already have fingerprint scanners so what I am describing is not that farfetched.

Vlad
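
Added example, not part of the original message and not cryptsetup code: the master-key wrapping idea described above, sketched with the OpenSSL command line. Assumptions: a software RSA key stands in for the smart card's private key, and `slot.bin` stands in for a hypothetical public-key keyslot, which the LUKS header does not define.

```bash
#!/usr/bin/env bash
# Added illustration (not cryptsetup code): wrap a volume master key to an RSA
# public key. A software key stands in for the smart card; slot.bin stands in
# for the hypothetical public-key keyslot, which LUKS does not define.
set -eu

OAEP="-pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256"

new_keypair() {   # $1 = name; writes $1.key (private) and $1.pub (public)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1.key" 2>/dev/null &&
    openssl pkey -in "$1.key" -pubout -out "$1.pub"
}

# Prints "<slot size in bytes> <ok|mismatch> <rejected|accepted>".
wrap_demo() (
    dir=$(mktemp -d)
    result=$(
        cd "$dir" && umask 077 &&
        new_keypair recipient && new_keypair other &&
        # Constructed 256-bit master key, as the volume would already hold.
        openssl rand -out master.key 32 &&
        # Sender: needs only the recipient's public key, no shared password.
        openssl pkeyutl -encrypt -pubin -inkey recipient.pub $OAEP \
            -in master.key -out slot.bin &&
        # Recipient: the private-key operation a smart card would perform.
        openssl pkeyutl -decrypt -inkey recipient.key $OAEP \
            -in slot.bin -out unwrapped.key &&
        if cmp -s master.key unwrapped.key; then match=ok; else match=mismatch; fi &&
        # Any other private key must fail to unwrap the slot.
        if openssl pkeyutl -decrypt -inkey other.key $OAEP \
            -in slot.bin -out wrong.key 2>/dev/null; then other=accepted
        else other=rejected; fi &&
        echo "$(( $(wc -c < slot.bin) )) $match $other"
    ) || result="error"
    rm -rf "$dir"
    echo "$result"
)

wrap_demo
```

The wrapped slot is 256 bytes for a 2048-bit key, so it would fit in a header field of fixed size; with a real token the decrypt step runs on the card and the private key never reaches the host.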