From: "sirjofri via 9fans" <9fans@9fans.net>
To: 9fans <9fans@9fans.net>
Date: Wed, 31 Dec 2025 10:40:38 +0100
Subject: Re: [9fans] Solo factotum

31.12.2025 05:31:21 Steve Simon:
> when i used plan9 full time i kept a usb stick containing my encrypted secrets (in factotum format) plugged into my terminal.
> i added a clause to my profile to prompt for the password to decrypt it and push the text (via read -m) into /mnt/factotum/ctl.
>
> (all from memory, so it may be inexact)
>
> how would the proposed device improve on this? - honest question.

That depends on your terminal and grid. Yes, the factotum process runs on your terminal, so the memory is on your machine.
However, if that terminal boots off an untrusted grid and the factotum program is corrupted to send your secrets to some server, or to have debugging enabled by default, that's an attack vector. It's like using ipso in an unprotected ramfs.

If factotum runs standalone on a separate machine like that USB device, the secrets can't leave that device and thus never even reach the terminal.

Again, that attack vector is very unlikely in a standard environment where you control the grid, and most users will run trusted factotums in public grids, too, by using a trusted system to rcpu into that untrusted one. Other than that, security is a very personal thing. Some people can live with higher risks than others.

And yes ori, it's basically reinventing TPM, just Plan 9-flavored.

Have a good new year everyone

sirjofri

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Ta60752663ff08448-Mfe84efc9c20c371ba0d199ab