From: Steve Simon <steve@quintile.net>
To: 9fans <9fans@9fans.net>
Subject: Re: [9fans] Solo factotum
Date: Wed, 31 Dec 2025 17:24:20 +1300 [thread overview]
Message-ID: <8716F627-36EE-445A-B4B4-754C9136596E@quintile.net> (raw)
In-Reply-To: <082BB1F6719955832AA636A1DF46A15E@eigenstate.org>
when i used plan9 full time i kept a usb stick containing my encrypted secrets (in factotum format) plugged into my terminal.
i added a clause to my profile to prompt for the password to decrypt it and push the text (via read -m) into /mnt/factotum/ctl.
(all from memory, so it may be inexact)
how would the proposed device improve on this? - honest question.
-Steve
> On 31 Dec 2025, at 1:14 pm, ori@eigenstate.org wrote:
>
> y'all are reinventing a TPM.
>
> Quoth sirjofri via 9fans <9fans@9fans.net>:
>> 30.12.2025 19:22:13 Dworkin Muller <dworkin@weaselfish.com>:
>>> Alternatively, just set it up as a secret store, like is done with
>>> terminals. Not quite as elegant/cool, but perhaps more practical.
>>
>> In general, you're right. However the big difference (and why I think there's a solid use case for a factotum key) is that the machine that runs factotum has to be secure. If you have a terminal with its own factotum program, that's fine. The program is on a trusted machine. However, if your terminal boots off a fs, you have to trust the factotum program on that fs to not steal your keys when executed. If you run factotum in a remote session, you have to trust the server. If you have a single enclosed factotum key and no way for the host to download the secrets directly, then you can use it even on an untrusted machine.
>>
>> Sure, you still need a way to edit the keys. Maybe a specific mount access using an additional secret for editing or something similar could be invented.
>>
>> In any case, I think for a fully trusted environment you probably don't need a factotum key. I think the whole factotum and secstore stuff is built around this level of trust (you trust the grid). If you consider a public grid with multiple users and people who sign in as guests, I'd prefer to not have my secrets uploaded into the memory of a machine that I can't control myself, if possible. And people do set up grids like that. That's why I welcome experiments into that direction. Not to replace the current status quo, but to extend it in a compatible way for different use cases.
>>
>> sirjofri
------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Ta60752663ff08448-M4c3d06203988eafa4f6a9030
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
next prev parent reply other threads:[~2025-12-31 4:31 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-29 10:57 [9fans] Solo factotum (was: Enterable namespaces: /proc/pid/$ns/srv) David Arroyo
2025-12-29 14:40 ` sirjofri via 9fans
2025-12-30 6:28 ` David Arroyo
2025-12-30 17:56 ` [9fans] Solo factotum Dworkin Muller
2025-12-30 21:37 ` sirjofri via 9fans
2025-12-30 23:29 ` ori
2025-12-31 4:24 ` Steve Simon [this message]
2025-12-31 5:21 ` David Arroyo
2025-12-31 17:31 ` ori
2025-12-31 21:47 ` Steve Simon
2025-12-31 9:40 ` sirjofri via 9fans
2025-12-31 16:26 ` ori
2025-12-31 8:51 ` Skip Tavakkolian
2025-12-29 15:32 ` [9fans] Solo factotum (was: Enterable namespaces: /proc/pid/$ns/srv) Shawn Rutledge
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8716F627-36EE-445A-B4B4-754C9136596E@quintile.net \
--to=steve@quintile.net \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).