Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 12:31 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 8 posts ] 
Author Message
 Post subject: TrueCrypt Auto Mount
PostPosted: Fri Oct 08, 2010 3:10 am 
Offline

Joined: Sat Oct 02, 2010 11:27 pm
Posts: 4
Do I miss understand automount? I create a file container, use Yubikey. I can mount it find but auto-mount devices it says wrong password or no volume found.

How do I get prompted on login to put Yubikey when I login?

Also, how do I set the static password for Yubikey? I might wanna have a second one to keep off my keys around the house and the other on my keychain.

Thank you,
Eric Vogel


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

 Post subject: Re: TrueCrypt Auto Mount
PostPosted: Fri Jan 28, 2011 2:34 am 
Offline

Joined: Sat Jul 17, 2010 8:23 am
Posts: 8
Location: Oregon, USA
unfortunately, Truecrypt does not support the Yubikey right now (unless you are using a static password, in which case almost everything supports it).

If you download the Yubikey configuration tool, you can easily set a static password into its second slot

_________________
My Website
Yubikey Login mod for phpBB


Top
 Profile  
Reply with quote  
 Post subject: Re: TrueCrypt Auto Mount
PostPosted: Sat Feb 05, 2011 5:34 am 
Offline

Joined: Sat Feb 05, 2011 1:29 am
Posts: 8
OK, so you set a static passcode, and anyone and their uncle can launch it since this doesn't actually scan for a certain fingerprint.

How is this not a security issue?


Top
 Profile  
Reply with quote  
 Post subject: Re: TrueCrypt Auto Mount
PostPosted: Sat Feb 05, 2011 9:47 am 
Offline

Joined: Wed Aug 19, 2009 11:31 am
Posts: 11
Jafo_Jeeper wrote:
OK, so you set a static passcode, and anyone and their uncle can launch it since this doesn't actually scan for a certain fingerprint.

How is this not a security issue?


Because if you first enter a strong password you know by heart and then press the yubikey you have effectively created a two part authentication, something you know and something you have

//A


Top
 Profile  
Reply with quote  
 Post subject: Re: TrueCrypt Auto Mount
PostPosted: Wed Aug 31, 2011 6:19 pm 
Offline

Joined: Sat Feb 05, 2011 1:29 am
Posts: 8
Thought I'd already replied to this-

Thanks for setting off the lightbulb in my head. LOVE this thing!


Top
 Profile  
Reply with quote  
 Post subject: Re: TrueCrypt Auto Mount
PostPosted: Sun Apr 22, 2012 8:41 pm 
Offline

Joined: Sun Apr 22, 2012 8:35 pm
Posts: 3
Quote:
Because if you first enter a strong password you know by heart and then press the yubikey you have effectively created a two part authentication, something you know and something you have


This is not true multi-factor authentication: "something the user knows" and "something the user has." If the system is compromised (keylogger) the infiltrator now knows the entire sequence and can access the encrypted drive without the Yubikey present.

We have successfully made the password more difficult to brute force (likely scenario) and/or if the Yubikey is destroyed one cannot be forced to enter the password (unlikely scenario.) If only we could protect from keyloggers, which I believe is the most likely scenario.


Top
 Profile  
Reply with quote  
 Post subject: Re: TrueCrypt Auto Mount
PostPosted: Sun Apr 22, 2012 9:35 pm 
Offline

Joined: Wed Jul 13, 2011 3:44 pm
Posts: 6
melcron wrote:
Quote:
Because if you first enter a strong password you know by heart and then press the yubikey you have effectively created a two part authentication, something you know and something you have


This is not true multi-factor authentication: "something the user knows" and "something the user has." If the system is compromised (keylogger) the infiltrator now knows the entire sequence and can access the encrypted drive without the Yubikey present.

We have successfully made the password more difficult to brute force (likely scenario) and/or if the Yubikey is destroyed one cannot be forced to enter the password (unlikely scenario.) If only we could protect from keyloggers, which I believe is the most likely scenario.


If you are using system level Truecrypt encryption of the whole of the hard disk, I don't think there is any mechanism for a keylogger to be active at that point, mainly because you have only just jumped from the BIOS into the password prompt issued by the Truecrypt Boot Loader.

Z.


Top
 Profile  
Reply with quote  
 Post subject: Re: TrueCrypt Auto Mount
PostPosted: Mon Apr 23, 2012 9:49 am 
Offline

Joined: Sun Apr 22, 2012 8:35 pm
Posts: 3
Quote:
If you are using system level Truecrypt encryption of the whole of the hard disk, I don't think there is any mechanism for a keylogger to be active at that point, mainly because you have only just jumped from the BIOS into the password prompt issued by the Truecrypt Boot Loader.


As the OP mentioned the use of auto-mount I assumed he was not using whole disk encryption. There are cases in which a user wants to encrypt a partition or file container separate from their operating system, that way the computer is functional while more private data is stored safely away.

Although for my laptop a yubikey with a static password and full disk encryption would be great... and this thread prompted me to read more about the issue and realize that the performance impact isn't as dramatic as I thought.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 8 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group