undefined | Better HN

0 pointsbeagle310y ago0 comments

How does the yubikey hard drive encryption work?

0 comments

Well the encryption is just standard luks. You can do it 2 ways (or 3 if you want to be fancy).

The simplest way is just to do a long static password and combine it with your normal password. So you type '1234' and then hit the yubikey button. The problem with this is that temporary access to your yubikey allows somebody to steal your static password.

The better way is to use the Challange-Response mode that send your password, the Yubikey sends back a hash (HMAC-SHA1).

Their is very new way that you can use that uses time based authenication, but this was just presented at 32C3, see: Beyond Anti Evil Maid [32c3]

j / k navigate · click thread line to collapse

0 comments

nickik10y ago

Well the encryption is just standard luks. You can do it 2 ways (or 3 if you want to be fancy).

The better way is to use the Challange-Response mode that send your password, the Yubikey sends back a hash (HMAC-SHA1).

Their is very new way that you can use that uses time based authenication, but this was just presented at 32C3, see: Beyond Anti Evil Maid [32c3]

j / k navigate · click thread line to collapse