[Semibug] Security question
Thomas Levine
_ at thomaslevine.com
Sun Apr 7 17:29:55 EDT 2019
If you are using OpenSSH or similar, I thing you should be more
concerned about tampering of phone operating system rather than
tampering of the data transfer. So one approach is just to get
a Librem 5.
https://puri.sm/products/librem-5/
Either way, consider how to address physical access to the phone.
I have used TOTP, carrying another, non-networked device for generating
one-time passwords. I was not logging into an OpenBSD system, but you
could do that with login_otp. I might set it up myself, actually.
https://github.com/reyk/login_otp
With a separate TOTP device, the attacker needs to steal two devices
instead of just one, and the attacker would need to do more than copying
of the certificate or installing a keylogger.
More information about the Semibug
mailing list