My volumes are PLAIN dm-crypt encrypted (i.e. LUKS without the LUKS bells and whistles) and the key is stored on my Vivokey Flex implant.
I mount them using scripts that combine crypsetup and vivokey_pam, with the ubiquitous ACR122U RFID reader: the systemd service file calls my script, I present my implant to the reader and voila: the volume is mounted.
Even more impressive when someone lops his hand off and presents it to the machine and gains access to his multiple gigabytes of Stallman x Jobs fanfic.
That implant needs to be the second factor so that the bad guys also need a wrench.
My volumes are PLAIN dm-crypt encrypted (i.e. LUKS without the LUKS bells and whistles) and the key is stored on my Vivokey Flex implant.
I mount them using scripts that combine crypsetup and vivokey_pam, with the ubiquitous ACR122U RFID reader: the systemd service file calls my script, I present my implant to the reader and voila: the volume is mounted.
Geez this guy secures. Impressive
Even more impressive when someone lops his hand off and presents it to the machine and gains access to his multiple gigabytes of Stallman x Jobs fanfic.
That implant needs to be the second factor so that the bad guys also need a wrench.