Re: [Libreboot] Password protected Grub entries

[Daniel Tarrero]

Seriously:
***********
If you care about being watched, i would recommend something like a Yubi
key (it's a usb keyboard emulator that repeats your passphrase with only
press a button; that can turn you on). Also can be configured with
complex algorithms (one-time-passwords and so), but this will be hard to
implement at boot time.

Save pass on a secure environment, use it everywhere, renew password in
laptop and key when in a secure place.


Friday fun:
***********
the bathroom idea made me smile! :)

If you take me to this level of paranoia, when some word in my head is
the path to the secret information... i will "cover my head".

just for laught and thoughts
http://xkcd.com/538/

So we can argue that security meassures can be right or wrong if they
reach what they plan. But also have in account the "kind of secret" and
"from who". With that in mind, we can also flag security meassures as
overract, propper, or insufficient.

let's free the paranoia for everyone! :)

Typing in the bath sounds good, but I wont take it as a safe protocol,
because if you _always_ type it in the bath, maybe "your thief" doesnt
care about your privacy nor your data, and wont care about seeing you
naked!
Pseudo-random places (from a previously selected places) sounds better
to me, having in account that possible leaks are performed throught
light/vision and/or waves/sound. Took a place where this cant be easyly
meassured... maybe the elevator or the corridor one floor below yours is
a safer place :?

then i guess we need "sofisticated meassures"
http://www.wouldyoubelieve.com/cone.html :)


Have a nice weekend folks!
D 


El jue, 28-05-2015 a las 12:52 +0200, Robert Alessi escribió:
> On Thu, May 28, 2015 at 10:11:21AM +0000, address@hidden wrote:
> > > Because even on this second libreboot system, you have to type your
> > > passphrase under the eyes of everyone.  Unless you have no important
> > > data on this second system, I think it matters.
> > 
> > You still can do this (image attached) or go somewhere else to type in
> > your password, which I do all the time. If I can't, I won't use the
> > laptop because I can't memorize this password lengths every 2 days.
> 
> No kidding, this is what I do!  At home, I go in a closet to type in
> my passphrase.  Passphrases are very hard to memorize: I use the
> Diceware method which I find useful.  As I am paranoid too, I try to
> memorize at least 9 words.
> 
> > You should keep in mind that the password can be guessed by the sound
> > your keyboard makes (no idea how to avoid this other than typing very
> > softly, slowly and not on a mechanical keyboard) and in the reflections
> > of your eyes with a pretty standard camera (proven by the CCC in 2014),
> > easily circumvented by not looking at the keyboard while typing.
> 
> I was aware that mechanical keyboards were one of the most common
> flaws in computer security, but I had no idea that footages of my eyes
> might give away my passphrase! Gosh!
> 
> > If you're as paranoid as I am, you'll also close the curtains when
> > typing the password at home if your room has windows.
> 
> Indeed I do.
>