From: Aaron Peterson
To: FreeBSD Questions
Date: Thu, 30 Jun 2005 17:51:13 -0400
Subject: GBDE - howto 2 factor auth?
Message-ID: <45d750d2050630145161e52da6@mail.gmail.com>

I've found a few places where Poul-Henning Kamp mentions that gbde will accept any byte string as a passphrase and that the design of gbde also makes 2 factor authentication possible.

I took that to understand that I might be able to use a file of random data from a USB key (something I have) and a text passphrase (something I know) to encrypt my partitions (which I also think Poul mentions somewhere). I can't find any documentation on how this might be accomplished though.

The closest thing I've found was a mailing list message from a couple years ago where someone had written a script to collect the information and run it through md5 to create a single text string that could be used on the command line with gbde and the -P/-p switches.

With this md5 method, it seems (to my uneducated mind) that I'd be taking all the randomness in the file and my passphrase and turning it into a single fixed length string of lower case letters and numerals. Seems like there would be a better way. Plus you're putting the completed passphrase on the command line where it can potentially be seen/copied by ps, etc...

Does anyone else know the way this was intended to work? Can I just pipe the contents of a file to gbde and then it still prompts me for text that it combines to use for my passphrase? That would be nice if it were that simple.

Please help :-)
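
Added example, not part of the original message and not the script it refers to: a Python sketch of the MD5 combination the message describes, showing the 128-bit ceiling of a 32-character hex digest, next to an assumed alternative (PBKDF2-HMAC-SHA512 salted with a digest of the key file) that yields raw bytes. The function names and sample inputs are constructed for illustration, and how either value is handed to gbde is outside this sketch.

```python
import hashlib
import math
import string

# Constructed sample inputs (not from the original message).
KEYFILE_BYTES = bytes(range(256)) * 16        # stands in for random data on the USB key
PASSPHRASE = "correct horse battery staple"   # stands in for the typed passphrase


def md5_combine(keyfile: bytes, passphrase: str) -> str:
    """Approach described in the message: hash both factors with MD5 and
    use the hex digest as the passphrase string."""
    return hashlib.md5(keyfile + passphrase.encode("utf-8")).hexdigest()


def max_entropy_bits(text: str, alphabet: str) -> float:
    """Upper bound on the entropy of a string drawn from `alphabet`."""
    if not set(text) <= set(alphabet):
        raise ValueError("text contains symbols outside the alphabet")
    return len(text) * math.log2(len(alphabet))


def kdf_combine(keyfile: bytes, passphrase: str, iterations: int = 200_000) -> bytes:
    """Assumed alternative: PBKDF2-HMAC-SHA512 over the passphrase, salted
    with a digest of the key file. Returns 64 raw bytes that depend on both
    factors; every passphrase guess costs `iterations` HMAC rounds."""
    salt = hashlib.sha512(keyfile).digest()
    return hashlib.pbkdf2_hmac("sha512", passphrase.encode("utf-8"), salt, iterations)


if __name__ == "__main__":
    digest = md5_combine(KEYFILE_BYTES, PASSPHRASE)
    # However large the key file is, the result is 32 symbols from [0-9a-f].
    print(len(digest), "chars,", max_entropy_bits(digest, string.hexdigits[:16]), "bits max")
    derived = kdf_combine(KEYFILE_BYTES, PASSPHRASE)
    print(len(derived), "raw bytes,", len(derived) * 8, "bits max")
```
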