[systemd-devel] systemd-crypttab: FIDO2 and passwords

Christian Kastner ckk at debian.org
Sun Mar 7 18:24:30 UTC 2021


Am I reading [1] correctly in that FIDO2 is intended to be used as 1FA?

If so, would you be open to a feature request on GitHub which adds a
password into the mix?

This is currently possible using e.g. fido2luks [2]. Note that fido2luks
uses the password twice [3], before and after the FIDO2 operation, which
I assume is to deter side-channel attacks (USB sniffing).

Christian

[1] https://www.freedesktop.org/software/systemd/man/crypttab.html

[2] https://github.com/shimunn/fido2luks

[3] https://github.com/shimunn/fido2luks/#theory-of-operation

