Stories
Slash Boxes
Comments

SoylentNews is people

Purism Announces the "Librem Key"

posted by Fnord666 on Tuesday September 25 2018, @09:15PM   Printer-friendly
from the another-thing-for-your-key-ring dept.

An Anonymous Coward writes:

The Librem Key is an OpenPGP smart card supporting up to 4096-bit RSA keys and 512-bit ECC keys. These keys are intended to be used as basic security token functions -- they will work with any laptop/PC but reportedly offer extra features when paired with Librem laptops or devices supporting the Heads security firmware.

https://www.phoronix.com/scan.php?page=news_item&px=Purism-Librem-Key

In addition to the standard features of a security token (GPG key storage and multi-factor authentication) that the Librem Key can perform on any computer, here are some of the interesting integration options with our Librem laptops we are already looking into with the Librem Key that will make security much more convenient for users who are facing average threats:

  • Insert the Librem Key at boot and automatically decrypt your hard drive
  • Automatically lock your laptop whenever you remove the Librem Key
  • Use your Librem Key to log in

https://puri.sm/posts/introducing-the-librem-key/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Purism Announces the "Librem Key" | Log In/Create an Account | Top | 17 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by pvanhoof on Wednesday September 26 2018, @05:32PM (1 child)

    by pvanhoof (4638) on Wednesday September 26 2018, @05:32PM (#740332) Homepage

    Well I actually use a MicroSD card for my disk encryption luks keys. I figured that a USB device has a active component that has DMA access. So if my USB stick would get infected by malicious code (a so called BadUSB thingy) then I don't need to use it to get my LVM disk volumes mounted. I don't think MicroSD has its own CPU (like USB sticks do). Similarly I could have used a good old 3'14 diskette, but the laptop no longer comes with such hardware (and it's too much of a hassle to get it installed). Same for CDROM (although that's more easy).

    As for xkcd.com/538, I have simply removed the passphrase luks key (you can indeed do this with luks, and be left only with the key on external media). So even if they torture me with a $5 wrench, without the MicroSD card there is no possibility of mounting my encrypted LVM volumes (I of course have backups of my data at home and/or at some safe place).

    But of course, I fully realize that taking out the MicroSD card and leaving my laptop unattended will not help me against a Evil Maid attack where they basically make a HW copy of the RAM modules.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by DannyB on Wednesday September 26 2018, @06:21PM

    by DannyB (5839) Subscriber Badge on Wednesday September 26 2018, @06:21PM (#740356) Journal

    I keep my passphrase secret by wearing the t-shirt inside out.

    --
    The lower I set my standards the more accomplishments I have.