On Sun, 2023-12-31 at 18:49 +0800, YunQiang Su wrote:
> * Package name    : cryptsetup-2fa
>   Version         : 0.1
>   Upstream Contact: YunQiang Su <s...@debian.org>
> * URL             : https://github.com/wzssyqa/cryptsetup-2fa/
> * License         : BSD-2
>   Programming Lang: SHELL
>   Description     : 2FA plugin for cryptsetup
>
> 2 methods are supported for 2FA:
>  - Yubikey Challenge
>  - TPM2 Keypair
> PIN-less is also supported, if the PINs are present in
> /etc/cryptsetup/2fa.conf.
>
> Since I am not an expert in security and encryption:
> CODE Review is requested here, too.

Is there any reason to not just use systemd-cryptenroll? It seems to be a more featureful implementation and also doesn't require storing PINs in plain text in configuration files like /etc/cryptsetup/2fa/2fa.conf as README instructs users to do here. Nor does it store plain text credentials in /var/cache.

Ansgar

PS: I also don't understand why cryptsetup-2fa-enroll(1) references privacyIDEA.