Message-ID: <520D0F98.1050208@gmail.com>
Date: Thu, 15 Aug 2013 19:27:52 +0200
From: Vladimir 'φ-coder/phcoder' Serbinenko
To: The development of GNU GRUB
Subject: Re: LUKS Encryption and Fingerprint readers?
In-Reply-To: <520D06F7.5030900@iam.tj>

On 15.08.2013 18:51, TJ wrote:
> I was searching for any hint that GRUB might support using a fingerprint reading device as input for unlocking encryption.

It's not possible to do securely as fingerprints are not secret. In fact, there are plenty of the owner's fingerprints on the laptop. But the encryption key has to be secret. You can't derive a secret key from non-secret data only; it would be like writing the encryption key on the laptop itself. Retrieving the fingerprint from the laptop and replaying it into the fingerprint reader is within the reach of a computer security student with cheap equipment.

There is some research into using biometrics to derive keys. The best result is with handwriting: a person writes a secret word on a special reader, but even this is pretty weak, as research shows.