AEM - Make Anti Evil Maid resistant against shoulder surfing and video surveillance #3298
adrelanos
Nov 9, 2017
Member
keywords: TPM, TOTP, HOTP
Leaving some stuff here that may be helpful.
- Anti Evil Maid 2 Turbo Edition - https://mjg59.dreamwidth.org/35742.html
- https://github.com/mjg59/tpmtotp //cc @mjg59
- https://www.privacyidea.org
andrewdavidwong added the C: other and enhancement labels Nov 9, 2017
andrewdavidwong added this to the Far in the future milestone Nov 9, 2017
rustybird
Nov 9, 2017
That's essentially PR QubesOS/qubes-antievilmaid#20, so the Far in the future milestone might be a bit too pessimistic - fingers crossed. ;)
andrewdavidwong
Nov 10, 2017
Member
> That's essentially PR QubesOS/qubes-antievilmaid#20, so the Far in the future milestone might be a bit too pessimistic - fingers crossed. ;)
Ah, thanks. Based on this comment, it sounds like the feature would be in 4.1 at the earliest. Changing milestone.
andrewdavidwong modified the milestones: Far in the future, Release 4.1 Nov 10, 2017
adrelanos
Feb 23, 2018
Member
This has been implemented in QubesOS/qubes-antievilmaid#20, just this ticket is not closed yet, right? @rustybird
rustybird
commented
Feb 23, 2018
Right!
adrelanos commented Nov 9, 2017
Make Anti Evil Maid resistant against shoulder surfing and video surveillance
Project: Observing the user during early boot should not be sufficient to defeat the protection offered by Anti Evil Maid.
Brief explanation:
Implement optional support for time-based one-time-password seed secrets. Instead of verifying a static text or picture (which the attacker can record and replay later on a compromised system), the user would verify an ephemeral six-digit code displayed on another device, e.g. a smartphone running any Google Authenticator compatible code generator app.
Implement optional support for storing a passphrase-encrypted LUKS disk decryption key on a secondary AEM device. The attacker would then have to seize this device in order to decrypt the user's data; just recording the passphrase as it is entered would no longer be enough.
Expected results: AEM package updates implementing both features, with fallback support in case the user does not have their smartphone or secondary AEM device at hand. Good UX and documentation for enrolling or upgrading users.
Knowledge prerequisite:
Mentor: Rusty Bird (@rustybird)
Not written by me. Copying this in here so comments can be left.
Source - Qubes Google Summer of Code (GSoC) page:
https://www.qubes-os.org/gsoc/
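
Added example, not part of the issue thread and not code from qubes-antievilmaid or tpmtotp: a minimal RFC 6238 TOTP computation showing why a code recorded by a camera stops being useful once the 30-second window has passed, whereas a static text or picture can be replayed. The seed is the constructed RFC 6238 test key; HMAC-SHA1 and the 30-second step are assumed because they are the usual defaults of Google Authenticator compatible apps, and `user_accepts` is a hypothetical helper that models the user's comparison.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code (assumed default of Google Authenticator compatible apps)
DIGITS = 6   # the six-digit code the proposal describes


def totp(seed: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def user_accepts(seed: bytes, shown_code: str, phone_time: int) -> bool:
    """Hypothetical model of the user's check: boot screen code vs. phone code."""
    return hmac.compare_digest(shown_code, totp(seed, phone_time))


# Constructed sample seed (the RFC 6238 test key), not a real AEM secret.
SEED = b"12345678901234567890"
# Base32 form of the seed, as code generator apps take it at enrolment.
ENROLL_B32 = base64.b32encode(SEED).decode()

if __name__ == "__main__":
    boot = 1111111090
    genuine = totp(SEED, boot)  # computed by the untampered machine at boot
    print("enrolment secret:", ENROLL_B32)
    print("genuine boot, same window:", genuine,
          user_accepts(SEED, genuine, boot + 19))
    # A code filmed during that boot and shown again one window later
    # no longer matches what the phone displays.
    print("recorded code replayed later:",
          user_accepts(SEED, genuine, boot + 21))
```

The comparison only helps if the machine clock and the phone clock fall in the same time step, so a real implementation has to deal with clock drift around step boundaries.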