-   Linux - Security (
-   -   Two-factor authentication (

XsuX 11-28-2004 12:22 AM

Two-factor authentication
OK. This is a really hard question to explain, but maybe it'll provide some people with a cerebral challenge....

I want to use two-factor authentication in booting my box (like this ) where a USB key and a password are required to boot the box. I would like to actually do it myself (if possible and within reason), so I was thinking, could I do something like delete my MBR from my hard drive (please don't flame me if that's a bad thing to do, I am still a recovering Windoze user) and put the MBR on the key and require a password to boot, and then set my BIOS to boot from the USB every time? Is that feasible? If so, how would I go about doing it? Like I said, I really don't know if what I want to do is possible, but it would be cool. Thanks in advance for any help.

nukkel 11-28-2004 06:13 AM

It would be possible... Make a bootable USB keydrive and put the GRUB bootloader on it, GRUB can be instructed to boot anything (like e.g. your hard drive) and to prompt for a password in order to boot at all... Then when you tell the BIOS to boot only from USB it will refuse to boot without the key drive.

However, someone could still make his own bootable keydrive and use that to boot your box. So it's not waterproof... To make it 100% safe you'd probably have to write your own bootloader (on the hard disk) so that it reads e.g. a sector from the USB key drive and sees if it is YOUR key drive. Not easy...! :(

All times are GMT -5. The time now is 07:34 AM.