[ltp] using fingerprint reader for encryption or ssh login?
Jiang Qian
linux-thinkpad@linux-thinkpad.org
Mon, 19 Nov 2007 04:30:39 -0500
Hi All:

I'm among the paranoid people out there who encrypt things but
still fear a keystroke logger stealing my passwords. Currently, I use
the fingerprint reader to do sudo, so that I don't need to type in a
password. And I store my passwords, such as those for web logins, in an
encrypted file, using a password only for this occasion to decrypt the
password file. I copy and paste things to web logins so that a keystroke
logger cannot read off my passwords.

But still, wouldn't it be wonderful if we could use the fingerprint
reader, which is already up and running via the bioapi interface to PAM,
to do the following:

1) Authenticate me and decrypt my master password file on disk,
so that even a keystroke logger cannot defeat the encryption on my master
password file. I know that you can set up the machine to refuse to boot
unless offered a fingerprint, via the BIOS, but I don't believe that helps
if governments make off with your hard drive.

2) Use the fingerprint for all the web logins. I know this is
possible via software under Windows. Why can't we have this under Linux?

3) Related to 1, use the fingerprint reader to decrypt the ssh key
when adding it to ssh-agent.

Any idea how to realize any of these three under Linux? Thanks
in advance.

Jiang