[Semibug] Security question

Thomas Levine _ at thomaslevine.com
Sun Apr 7 17:29:55 EDT 2019

If you are using OpenSSH or similar, I thing you should be more
concerned about tampering of phone operating system rather than
tampering of the data transfer. So one approach is just to get
a Librem 5.

Either way, consider how to address physical access to the phone.

I have used TOTP, carrying another, non-networked device for generating
one-time passwords. I was not logging into an OpenBSD system, but you
could do that with login_otp. I might set it up myself, actually.

With a separate TOTP device, the attacker needs to steal two devices
instead of just one, and the attacker would need to do more than copying
of the certificate or installing a keylogger.

More information about the Semibug mailing list