Conversation
Angry Sun (sun@shitposter.world)'s status on Wednesday, 10-Jul-2024 01:06:01 JST Angry Sun
Is there anything on Linux equivalent to MacOS keyring that secures credentials using the TPM
Angry Sun (sun@shitposter.world)'s status on Wednesday, 10-Jul-2024 01:09:34 JST Angry Sun
@fiore it's a chip on the motherboard that is a secure place to store secrets, like passwords and keys
φ (fiore@brain.worm.pink)'s status on Wednesday, 10-Jul-2024 01:09:36 JST φ
@sun whats the tpm
Angry Sun (sun@shitposter.world)'s status on Wednesday, 10-Jul-2024 01:09:57 JST Angry Sun
@coolbean this is not quite the same thing.
omen of instance annihilation (coolbean@brain.worm.pink)'s status on Wednesday, 10-Jul-2024 01:09:58 JST omen of instance annihilation
@sun https://blastrock.github.io/fde-tpm-sb.html
Angry Sun (sun@shitposter.world)'s status on Wednesday, 10-Jul-2024 01:17:08 JST Angry Sun
@mia I am pondering building something for a business but it would be stuck on only windows and macos because they have tpm keyring support, but I would love to support linux also.
miauz genyau (mia@movsw.0x0.st)'s status on Wednesday, 10-Jul-2024 01:17:10 JST miauz genyau
@sun it can be used for some things like SSH, GPG and disk encryption
i’m not sure if any DE keyring services support them though.
in general i would strongly advise against using them on PCs because they tend to be buggy and unreliable, may not be all that secure, and sometimes firmware updates just wipe everything
Haelwenn /элвэн/ :triskell: and Angry Sun like this.
Terry Hendrix II 🏹 (thendrix@social.hendrixgames.com)'s status on Wednesday, 10-Jul-2024 01:18:16 JST Terry Hendrix II 🏹
Best I can do is these text files and user disk permissions. No additional memory protection either.
Angry Sun likes this.
Angry Sun (sun@shitposter.world)'s status on Wednesday, 10-Jul-2024 01:20:38 JST Angry Sun
@mia I just realized also potentially could utilize yubikey. I'll read about that.
miauz genyau (mia@movsw.0x0.st)'s status on Wednesday, 10-Jul-2024 01:22:03 JST miauz genyau
@sun right… i have not looked into TPM support in desktop environments
mostly because i’ve had some bad experiences with PC TPMs, and because i cannot trust them to be any more secure than self-encrypting drives (Opal spec) because PC hardware vendors are really bad at firmware
Haelwenn /элвэн/ :triskell: and Angry Sun like this.
miauz genyau (mia@movsw.0x0.st)'s status on Wednesday, 10-Jul-2024 01:24:21 JST miauz genyau
@sun (the fun part about those self-encrypting drives is that afaik windows bitlocker will always use their built-in encryption and you can’t force it to use software crypto)
Haelwenn /элвэн/ :triskell: and Angry Sun like this.
Angry Sun (sun@shitposter.world)'s status on Wednesday, 10-Jul-2024 01:25:10 JST Angry Sun
@mia version 0.99 of whatever I build will probably only run on MacOS lol
miauz genyau (mia@movsw.0x0.st)'s status on Wednesday, 10-Jul-2024 01:28:12 JST miauz genyau
@sun hardware security keys are probably a good idea because they typically need user presence confirmation (which can also be biometric) and key material should be safe from extraction
Angry Sun likes this.
Angry Sun (sun@shitposter.world)'s status on Wednesday, 10-Jul-2024 01:32:52 JST Angry Sun
@mia tonight I will be looking if it's possible to do what I want.
miauz genyau (mia@movsw.0x0.st)'s status on Wednesday, 10-Jul-2024 01:32:54 JST miauz genyau
@sun they can also be used either as an additional factor or as a replacement for password authentication
Hildegunst von Mythenmetz of programming (condret@shitposter.world)'s status on Wednesday, 10-Jul-2024 01:35:27 JST Hildegunst von Mythenmetz of programming
@sun why would you trust the tpm
Angry Sun (sun@shitposter.world)'s status on Wednesday, 10-Jul-2024 01:35:27 JST Angry Sun
@condret nothing is perfectly secure but it is objectively more secure than not having one
miauz genyau (mia@movsw.0x0.st)'s status on Wednesday, 10-Jul-2024 01:37:04 JST miauz genyau
@sun hmu if you have any questions about linux stuff. ime asking about it on fedi or in other communities will get you a lot of replies from people who both ignore your requirements and suggest things that barely work; i’ll try not to do that :neofox_floof_happy:
Haelwenn /элвэн/ :triskell: and Angry Sun like this.
Angry Sun (sun@shitposter.world)'s status on Wednesday, 10-Jul-2024 01:38:01 JST Angry Sun
@mia I appreciate that, thank you.
mangeurdenuage :gnu: :trisquel: :gondola_head: 🌿 :abeshinzo: :ignucius: (mangeurdenuage@shitposter.world)'s status on Wednesday, 10-Jul-2024 02:28:47 JST mangeurdenuage :gnu: :trisquel: :gondola_head: 🌿 :abeshinzo: :ignucius:
@sun @mia how about a nitro key ?
Angry Sun (sun@shitposter.world)'s status on Wednesday, 10-Jul-2024 02:28:47 JST Angry Sun
@mangeurdenuage @mia same thing effectively
Ignas Kiela (ignaloidas@not.acu.lt)'s status on Saturday, 13-Jul-2024 23:39:25 JST Ignas Kiela
@sun@shitposter.world IIRC you can store LUKS keys in TPM, but in general, the support is shit.
Angry Sun likes this.