GBDE - howto 2 factor auth?

Aaron Peterson dopplecoder at
Thu Jun 30 21:58:02 GMT 2005

I've found a few placed where Poul-Henning Kamp mentions that gbde
will accept any byte string as a passphrase and that the design of
gbde also makes 2 factor authentication possible.  I took that to
understand that I might be able to use a file of random data from a
usb key (something I have) and a text passphrase (something I know) to
encrypt my partitions (which I also think Poul mentions somewhere).  I
can't find any documentation on how this might be accomplished though.
 The closest thing I've found was a mailing list message from a couple
years ago where someone had written a script to collect the
information and run it through md5 to create a single text string that
could be used on the command line with gbde and the -P/-p switches. 
With this md5 method, it seems (to my uneducated mind) that I'd be
taking all the randomness in the file and my passphrase and turning it
into a single fixed length string of lower case letters and numerals. 
Seems like there would be a better way.  Plus you're putting the
completed passphrase on the commandline where it can potentially be
seen/copied by ps, etc...

Does anyone else know the way this was intended to work?  Can I just
pipe the contents of a file to gbde and then it still prompts me for
text that it combines to use for my passphrase?  That would be nice if
it were that simple.

Please help :-)

More information about the freebsd-questions mailing list