GBDE - howto 2 factor auth?
dopplecoder at gmail.com
Thu Jun 30 21:58:02 GMT 2005
I've found a few placed where Poul-Henning Kamp mentions that gbde
will accept any byte string as a passphrase and that the design of
gbde also makes 2 factor authentication possible. I took that to
understand that I might be able to use a file of random data from a
usb key (something I have) and a text passphrase (something I know) to
encrypt my partitions (which I also think Poul mentions somewhere). I
can't find any documentation on how this might be accomplished though.
The closest thing I've found was a mailing list message from a couple
years ago where someone had written a script to collect the
information and run it through md5 to create a single text string that
could be used on the command line with gbde and the -P/-p switches.
With this md5 method, it seems (to my uneducated mind) that I'd be
taking all the randomness in the file and my passphrase and turning it
into a single fixed length string of lower case letters and numerals.
Seems like there would be a better way. Plus you're putting the
completed passphrase on the commandline where it can potentially be
seen/copied by ps, etc...
Does anyone else know the way this was intended to work? Can I just
pipe the contents of a file to gbde and then it still prompts me for
text that it combines to use for my passphrase? That would be nice if
it were that simple.
Please help :-)
More information about the freebsd-questions