As an errata of sorts to my #LibrePlanet2019 talk---I think I said "GNU/Linux running on the proprietary Windows kernel", when Linux isn't involved---it's GNU/kWindows. Microsoft wrote a compatibility layer that translates Linux syscalls, so programs compiled _for_ GNU/Linux run atop of the Windows kernel. See for more information.

I also forgot to mention for the 2FA password manager example that storing long-term secrets using asymmetric ciphers isn't a good idea; you should use symmetric keys for that. Fortunately, pass{words,phrases} (as I demonstrated in the talk) aren't long-term secrets---they're easily changed. But you can easily do _both_ asymmetric for 2FA with a smartcard and symmetric by adding another GPG invocation to the pipeline.

More to come (including repository of the source code for the slides, as well as notes) within the next day or so. Slides are at Thanks to all those who attended and watched online. Feedback/criticism welcome. I simplified my talk a lot in case the audience wasn't technical but I also didn't want to simplify it too much in case the audience was full of hackers. The intent was to just provide some exposure to the concepts for further research by attendees.

@mikegerwitz I liked the 2FA idea and think I may implement something like it. Do you keep the master copy at home? Is there a cohost option you trust?

· · Tootle for Mastodon · 1 · 0 · 0
@mnw Thanks for the feedback.

I keep a master copy on a server hosted at my house. This also makes it easy to share a password database with my wife (encrypted with both my key and a key I generated for her). But I just have her open it with Emacs over SSH, which decrypts it automatically. Obviously there are more risks associated with that, but it's easy for her to manage, meaning she'll actually use it (it's an Org mode document).

Regarding trust: you don't need to trust the host if we change the pipeline a little bit. If you just run `ssh your-host cat db.gpg | gpg --decrypt | ...`, the plaintext is never visible to the server because it's decrypted client-side. This uses more bandwidth, but it means that you can host it anywhere. Also note that if your device is compromised, it'll have access to the entire plaintext of the database.

Just be mindful that you'll have to make sure you choose a strong passphrase or use a randomly generated symmetric key that you store on your local device. If you're using asymmetric encryption, then your database may become compromised in the future, which may or may not matter depending on the secrets. For example, I don't think GnuPG supports any post-quantum secure asymmetric algorithms yet (and they're still an area of research), but maybe other command line utilities do.
@mnw Oh and when accessing my password database remotely over SSH, e.g. at a hotel, I use Tor for additional privacy (`torify ssh`); I posted about that a couple of days ago.

@mikegerwitz thank you so much! I’m excited to finally have a way off of my proprietary option.

Sign in to participate in the conversation
Mastodon @ SDF

"I appreciate SDF but it's a general-purpose server and the name doesn't make it obvious that it's about art." - Eugen Rochko