beemdevelopment / Aegis

A free, secure and open source app for Android to manage your 2-step verification tokens.
https://getaegis.app
GNU General Public License v3.0

adding more security, usb token access #1355

Closed f1-outsourcing closed 2 months ago

f1-outsourcing commented 2 months ago

I am a little worried that if your phone is unlocked or remotely hacked, your stuff can be easily accessed. What about having an encryption key stored on an external USB pen drive, so that only with this USB pen drive inserted is the encryption key available to decrypt the Aegis files and access is possible?

f1-outsourcing commented 2 months ago

I don't think other apps have this option. I think it is quite nice! ;)

alexbakker commented 2 months ago

Thanks for the suggestion, but I don't agree this adds any meaningful security. This is essentially equivalent to a very strong passphrase. You can actually already achieve something like this if you really wanted to, by configuring a Yubikey as an HID keyboard and having it output a strong password to unlock Aegis.

I also think we would be able to count the number of people who would use this feature on one hand.
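As an added example (not code from the Aegis project or from anyone in this thread), the following Python shows what the "equivalent to a very strong passphrase" point comes down to: a key file and a passphrase are both just secret bytes that get folded into one input to the key derivation function, so the protection a key file gives is exactly the entropy of its contents, no more. The composite-key construction is modelled on KeePass's approach; the scrypt parameters, the verifier scheme and the vault layout are assumptions made for this illustration, not Aegis's own format.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Hypothetical KDF cost parameters for this example (not Aegis's own settings).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
KEY_LEN = 32


def composite_secret(passphrase: Optional[str], keyfile: Optional[bytes]) -> bytes:
    """Fold the unlock factors into one secret, KeePass-style: each factor is
    hashed on its own, the digests are concatenated and hashed once more.
    A key file is therefore nothing but additional secret bytes for the KDF."""
    parts = []
    if passphrase:
        parts.append(hashlib.sha256(passphrase.encode("utf-8")).digest())
    if keyfile:
        parts.append(hashlib.sha256(keyfile).digest())
    if not parts:
        raise ValueError("at least one unlock factor is required")
    return hashlib.sha256(b"".join(parts)).digest()


def derive_vault_key(passphrase: Optional[str], keyfile: Optional[bytes], salt: bytes) -> bytes:
    """Stretch the composite secret with scrypt; every unlock attempt pays this cost."""
    return hashlib.scrypt(composite_secret(passphrase, keyfile), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN,
                          maxmem=64 * 1024 * 1024)


def key_verifier(vault_key: bytes) -> bytes:
    """Value stored beside the vault so a derived key can be checked
    without the key itself ever being written to disk."""
    return hmac.new(vault_key, b"vault-key-check", hashlib.sha256).digest()


def create_vault(passphrase: Optional[str], keyfile: Optional[bytes]) -> dict:
    salt = secrets.token_bytes(16)
    key = derive_vault_key(passphrase, keyfile, salt)
    return {"salt": salt, "verifier": key_verifier(key)}


def try_unlock(vault: dict, passphrase: Optional[str], keyfile: Optional[bytes]) -> bool:
    """True only if the supplied factors reproduce the key the vault was created with."""
    try:
        key = derive_vault_key(passphrase, keyfile, vault["salt"])
    except ValueError:
        return False
    return hmac.compare_digest(key_verifier(key), vault["verifier"])


def demo() -> dict:
    # Constructed sample: 32 random bytes standing in for the contents of the USB key file.
    keyfile = secrets.token_bytes(32)
    vault = create_vault("correct horse", keyfile)
    return {
        "both": try_unlock(vault, "correct horse", keyfile),
        "no_keyfile": try_unlock(vault, "correct horse", None),
        "wrong_keyfile": try_unlock(vault, "correct horse", secrets.token_bytes(32)),
        "keyfile_only": try_unlock(vault, None, keyfile),
    }


if __name__ == "__main__":
    print(demo())
```

A vault created with only a key file (`create_vault(None, keyfile)`) unlocks with that file alone, which is the USB-drive scheme proposed in the issue; a vault created with both factors refuses either one by itself. In both cases the attacker's work is the same: guess the bytes going into `composite_secret` and pay the scrypt cost per guess, so a 32-byte random key file is a 256-bit passphrase that happens to live on removable media, while a key file holding a short, guessable string is no stronger than that string.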

f1-outsourcing commented 2 months ago

It definitely adds meaningful security. You don't have to enter a password in public, where it could be visually recorded. Furthermore, keys are not really brute-forced; passphrases are done with dictionaries. I am not familiar with YubiKey. Having the USB drive is easier and available to everyone. Everyone has one lying around. The key file is always better than a strong passphrase. People are not using it because nobody is offering it. 5 years ago nobody was using OTP, TOTP, so it is not really an argument that maybe people would not use it. KeePass also has this feature of being able to unlock a DB several ways.