Re: [Tails-dev] Adding KeepassX to Tails Startup; can it be …

Delete this message

Reply to this message
Author: madx
Date:  
To: tails-dev
Subject: Re: [Tails-dev] Adding KeepassX to Tails Startup; can it be done!
Thanks for the reply Peter,

I should say it this way maybe:) Presently there is no way to enter a
huge password other then memorizing or having it written down. There
should be a way to enter a password key-file to open tails too. Having a
hidden file to open the drive is an extra security step that only the
end-user would know is there.

Another bigger issue that should be considered is: Implementing a
failsafe mechanism that wipes the persistent drive if a number of failed
attempts are made.

I really think that type of protection is needed. Say after 5 failed
attempts it locks a user for an hour and after 8 failed attempts it
wipes the drive totally.

Thank you for reading Peter,

Anthony

On 2016-02-29 08:05, Peter N. Glaskowsky wrote:
>> On Feb 28, 2016, at 11:31 PM, madx@??? wrote:
>> ...
>> The first “C.L.P.P.S” password should be one the End-user has
>> memorized. From there they can either open the tails persistent volume
>> or they can open a second C.L.P.P.S Database. From there the
>> password that opens the persistent volume should be in upwards of ten
>> to twenty thousand characters.
>
> If a short password is used to unlock a keychain that contains a
> longer password,
>
> A) the net security of the system is still constrained by the entropy
> in the short password, and
>
> B) there is absolutely ZERO benefit to storing a long password in text
> form that will immediately be hashed down to a binary key for a bulk
> cipher. Just store the binary key.
>
> Best regards,
>
> .                  png