Improve docs #11

Open
Fry-kun opened this issue Sep 27, 2016 · 0 comments

Fry-kun commented Sep 27, 2016

I'm trying to understand the principle of operation, but there are some gaps in my understanding.
Please correct me if I'm wrong.

1: Joe Average might not understand the config options for ykfde because LUKS key slots are not exactly obvious after default setup (maybe Fedora makes it too easy?)

Suggested doc edit: add a sentence or two about LUKS keys before explaining configs.
E.g.: LUKS keeps the disk encryption key internally but allows up to 8 slots to be configured so different users could unlock the disk with different passphrases. ykfde generates the key from Yubikey [+ user's passphrase (optional)].

Followup question: why should ykfde be limited to a specific slot? Default LUKS will try all slots with the given passphrase until one unlocks or all of them fail. Why not do the same thing?

2: In ykfde, "2nd factor" seems to mean a passphrase. That's kind of confusing to a new user.

Suggested doc edit: change mentions of "2nd factor" to "ykfde passphrase".

3: It's not immediately obvious that the main purpose of the "ykfde" executable is to generate a new challenge and update the LUKS slot passphrase.
Suggest adding a sentence to --help description (since there's no man page).

3.5: Non-2nd factor mode is basically the same thing as 2nd factor, but using a blank passphrase.

Suggest removing mention of 2nd factor from the config file. Instead, it's easier to simply ask the user for a passphrase on every run of ykfde (if an interactive shell is detected) -- and allow it to be entered as blank. If no interactive shell is detected or a switch is used (e.g. "-no-passphrase"), then use no-passphrase mode.
