The other big lesson here is that using a weak PIN to protect a strong key is difficult at best.
@mattblaze @stribika The only problem is that you have to remember a passphrase that you very-rarely use.
-
-
@stribika@mattblaze How do you implement a secure delay that can't be bypassed? Without early wipe, attacker has incentive to experiment. -
Tweet unavailable
-
@stribika@mattblaze Yes, clock seems like an external input that could be forged.
End of conversation
New conversation -
-
-
@RichFelker@mattblaze@stribika Can just have a separate password for decryption at boot from the unlock PIN. Accomplishes what you want. -
@RichFelker@mattblaze@stribika The rare use is a problem, but it would likely be once a month since it would be required after upgrades. -
@RichFelker@mattblaze@stribika They can still use the PIN to make an inner derived encryption key for online uses too (apps dirs, etc.).
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.