Full disk encryption requires a long password, but I can’t remember it. Writing it down on paper isn’t safe, and I can’t use the password I memorized in public when I’m out.
So, I thought it would be great if the SSD password could be automatically entered when TOTP matches. Is there anyone already doing this? If so, please let me know how to do it.
I’m not sure how the TOTP fits in this conversation, but if you just want ‘passwordless’ LUKS encryption, that’s possible using a YubiKey (or many other hardware tokens).
The thing is, TOTPs rely on the system clock being accurate (or at least the clock of whatever you’re storing the key on needs to be the same as the machine with the LUKS drive in it), otherwise they won’t generate TOTPs that the other will consider to be valid…
That’s a pretty cool idea, though. If it doesn’t already exist, it definitely warrants further investigation.
on the same medium? – since the system would need access to the passphrase after comparing the TOTP, anyone with access to the boot partition would be able to read the same information (?).
Technically yes, but it wouldn’t be any different to how it’s done with a YubiKey or USB memory stick.
On top of that, there are ways that use asymmetric keypairs (similar to using passkeys to access a password vault) that would likely prove effective for use cases like this.