I'm trying to understand the principle of operation, but there are some gaps in my understanding.
Please correct me if I'm wrong.
1: Joe Average might not understand the config options for ykfde because LUKS key slots are not exactly obvious after default setup (maybe Fedora makes it too easy?)
Suggested doc edit: add a sentence or two about LUKS keys before explaining configs.
E.g.: LUKS keeps the disk encryption key internally but allows up to 8 slots to be configured so different users could unlock the disk with different passphrases. ykfde generates the key from the YubiKey [+ user's passphrase (optional)].
Follow-up question: why should ykfde be limited to a specific slot? Default LUKS will try all slots with the given passphrase until one unlocks or all of them fail. Why not do the same thing?
2: In ykfde, "2nd factor" seems to mean a passphrase... that's kind of confusing to a new user.
Suggested doc edit: change mentions of "2nd factor" to "ykfde passphrase".
3: It's not immediately obvious that the main purpose of the "ykfde" executable is to generate a new challenge and update the LUKS slot passphrase.
Suggest adding a sentence to --help description (since there's no man page).
3.5: Non-2nd factor mode is basically the same thing as 2nd factor, but using a blank passphrase.
Suggest removing mention of 2nd factor from the config file. Instead, it's easier to simply ask the user for a passphrase on every run of ykfde (if an interactive shell is detected) -- and allow it to be entered as blank. If no interactive shell is detected, or when using a switch (e.g. "-no-passphrase"), then use no-passphrase mode.