[systemd-devel] systemd-crypttab: FIDO2 and passwords
Christian Kastner
ckk at debian.org
Sun Mar 7 18:24:30 UTC 2021
Am I reading [1] directly in that the FIDO2 is intended to be as 1FA?
If so, would you be open to a feature request on GitHub which adds a
password into the mix?
This is currently possible using eg: fido2luks [2]. Note that fido2luks
uses the password twice [3], before and after the FIDO2 operation, which
I assume is to deter side-channel attacks (USB sniffing).
Christian
[1] https://www.freedesktop.org/software/systemd/man/crypttab.html
[2] https://github.com/shimunn/fido2luks
[3] https://github.com/shimunn/fido2luks/#theory-of-operation
More information about the systemd-devel
mailing list