@ted I may be wrong, but this also looks like it's using challenge/response (or worse, static key). So I don't think that's FIDO2; it's relying on a feature of the key's programmable slots.
@chuck yeah, probably to support the older Yubikeys.
Though, I have a couple of those from UDS...
@ted I use mine all day every day
@chuck I used to a lot more. Then I switched a lot of things over to TOTP in my password manager.
I'm planning to use the Solokey over to opening up my password manager.
I'd love to use it for full disk encryption as well. But, not sure how to do that.
@riking yes, but that'd be more secure than a passphrase though, right?
@riking you'd be storing the key to decrypt the drive and the key used to encrypt it. You'd then be sending the drive's key to the USB device to decrypt it. So even if the drive is stolen you'd not be able to decrypt the drive because the key is encrypted. You'd be able to encrypt new keys, but that's not really useful.
@paperdigits yes, actually talking about that in a chat is what got me to looking at using the Solo Key with LUKS. It seems like it'd be easy to implement a pretty secure passphrase-based boot with that.
Just for ease of use, might be worth carrying two keys.
@ted Did you ever find a nice way to use the Solo Key with LUKS (presumably a static secret key stored on the key, or encrypted, stored on the disk, but decrypted by the key)?
@nick_cripps no, but I haven't played with it much. Mostly looked for other people who've solved the problem, which there doesn't seem to be. Gonna have to find the time to do it myself it seems.
@ted I've ordered myself a hacker version of the SoloKey with a view to doing some development myself, having concluded it doesn't have options to do the things we need to buy it for work yet. I'd like to store GPG, SSH and LUKS keys on it. Let me know if you start on any of these, and I'll let you know if I do, and what progress (if any) I make.