
ecryptfs-users team mailing list archive

Re: Wrapping mount key file by using two or more keys?

 

On Fri, Feb 26, 2010 at 12:38:32PM +0800, Dustin Kirkland wrote:
> > Exactly. Does such an infrastructure exist? Or maybe I can start to
> > write one.
> 
> No, none exists yet.  Let's discuss it a bit more, make sure we agree
> on a design.  I'd also like to get Tyler's opinion on it.

Yeah, sure.

> The functions that deal with the wrapped-passphrase file are
> relatively few.  We could support a glob-type interface reasonably
> easily.  I'm just not sure of the security of doing so.  I guess we'd
> need to know a little more about the use case, if possible.

I'm exploring alternative ways for authenticating a user.

For example:

1. two people share a single encrypted directory but don't want to
   share their passwords with each other

2. the user may want to use either a smart card or a password to
   log in

> > BTW, does this have anything to do with PKCS#11 support?
> 
> Hmm, not that I know of.  It's more of a token interface.  Like a
> fingerprint reader that produces an authentication token.


-- 
Best regards,
Li, Yan

Moblin Team, Opensource Technology Center, SSG, Intel
Office tel.: +86-10-82171695 (inet: 8-758-1695)
OpenPGP key: 5C6C31EF
IRC: yanli on network irc.freenode.net


