-
Notifications
You must be signed in to change notification settings - Fork 298
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TrueCrypt support OpenPGP Card #23
Comments
One problem I can see with this workflow is that a physical key (being Personally I do like the idea of having a smartcard/pgp card as a 2FA [1] On Fri, Mar 11, 2016 at 10:01 AM, Hatter Jiang notifications@github.com
|
First, the feature I propose is not encrypting the passphrase, but encrypting the (truly randomly generated) volume key using a smart card. Instead of deriving that key from a passphrase. Second, I had PIV cards in mind, though OpenPGP support would be fine too. Finally, not every threat model has court orders as its highest risk. Plus, smart cards usually are PIN- or password-protected, and I'm sure one can plead the 5th for that PIN exactly the same way one would for the volume password of TrueCrypt. |
Forgot to mention that smart cards usually lock after some very small number of failed attempts to enter PIN. Most people,set it between 5 and 10. Official policies (such as German standard) fix it at 3. So while technically it may be possible to extract the secret from a smart card - in practice the probability of success is nil. |
TrueCrypt Development has been moved to CipherShed: Lets move the discussion over there: |
What about this idea, the password for TrueCrypt protected by OpenPGP Card, then mount a TrueCrypt disk will like this:
About OpenPGP Card: https://en.wikipedia.org/wiki/OpenPGP_card
The text was updated successfully, but these errors were encountered: