Yubico Forum

Re: TrueCrypt Auto Mount

2012-04-23T09:49:32+01:00

Quote:

If you are using system level Truecrypt encryption of the whole of the hard disk, I don't think there is any mechanism for a keylogger to be active at that point, mainly because you have only just jumped from the BIOS into the password prompt issued by the Truecrypt Boot Loader.

As the OP mentioned the use of auto-mount I assumed he was not using whole disk encryption. There are cases in which a user wants to encrypt a partition or file container separate from their operating system, that way the computer is functional while more private data is stored safely away.

Although for my laptop a yubikey with a static password and full disk encryption would be great... and this thread prompted me to read more about the issue and realize that the performance impact isn't as dramatic as I thought.

Statistics: Posted by melcron — Mon Apr 23, 2012 9:49 am

Re: TrueCrypt Auto Mount

2012-04-22T21:35:56+01:00

melcron wrote:

Quote:

Because if you first enter a strong password you know by heart and then press the yubikey you have effectively created a two part authentication, something you know and something you have

This is not true multi-factor authentication: "something the user knows" and "something the user has." If the system is compromised (keylogger) the infiltrator now knows the entire sequence and can access the encrypted drive without the Yubikey present.

We have successfully made the password more difficult to brute force (likely scenario) and/or if the Yubikey is destroyed one cannot be forced to enter the password (unlikely scenario.) If only we could protect from keyloggers, which I believe is the most likely scenario.

Statistics: Posted by zardoz — Sun Apr 22, 2012 9:35 pm

Re: TrueCrypt Auto Mount

2012-04-22T20:41:03+01:00

Quote:

Because if you first enter a strong password you know by heart and then press the yubikey you have effectively created a two part authentication, something you know and something you have

Statistics: Posted by melcron — Sun Apr 22, 2012 8:41 pm

Re: TrueCrypt Auto Mount

2011-08-31T18:19:12+01:00

Thought I'd already replied to this-

Thanks for setting off the lightbulb in my head. LOVE this thing!

Statistics: Posted by Jafo_Jeeper — Wed Aug 31, 2011 6:19 pm

Re: TrueCrypt Auto Mount

2011-02-05T09:47:20+01:00

Jafo_Jeeper wrote:

OK, so you set a static passcode, and anyone and their uncle can launch it since this doesn't actually scan for a certain fingerprint.

How is this not a security issue?

Because if you first enter a strong password you know by heart and then press the yubikey you have effectively created a two part authentication, something you know and something you have

//A

Statistics: Posted by andlil — Sat Feb 05, 2011 9:47 am

Re: TrueCrypt Auto Mount

2011-02-05T05:34:25+01:00

OK, so you set a static passcode, and anyone and their uncle can launch it since this doesn't actually scan for a certain fingerprint.

How is this not a security issue?

Statistics: Posted by Jafo_Jeeper — Sat Feb 05, 2011 5:34 am

Re: TrueCrypt Auto Mount

2011-01-28T02:34:43+01:00

unfortunately, Truecrypt does not support the Yubikey right now (unless you are using a static password, in which case almost everything supports it).

If you download the Yubikey configuration tool, you can easily set a static password into its second slot

Statistics: Posted by modelrockettier — Fri Jan 28, 2011 2:34 am

TrueCrypt Auto Mount

2010-10-08T03:10:41+01:00

Do I miss understand automount? I create a file container, use Yubikey. I can mount it find but auto-mount devices it says wrong password or no volume found.

How do I get prompted on login to put Yubikey when I login?

Also, how do I set the static password for Yubikey? I might wanna have a second one to keep off my keys around the house and the other on my keychain.

Thank you,
Eric Vogel

Statistics: Posted by Eric Vogel — Fri Oct 08, 2010 3:10 am