-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
In addition to all the points you've raised, there is one more: it's
hard to make OTP really one-time in AEM threat model. If someone gets
physical access to your hardware, he/she can make an offline copy of the
(encrypted) hard drive. And then, when you enter your OTP and it gets
intercepted by evil-maid type attack, it doesn't matter that the
password can't be used again on your machine. It will work for the
offline disk copy made earlier. If you combine it with some TPM-based
sealing, you only raise the bar by requiring the decryption happen on
the same hardware.
The key point of *AEM* is authentication computer to its user (before
entering the password), not the other way around.
Adding some sort of 2FA may make sense, but it's orthogonal to AEM.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJYWaeGAAoJENuP0xzK19csDVcH/RRxgHGZmTPZ6GTWWF0Pm7Ch
Keijenz6RYeTGEJx7Uvbfog7VKvd7u9TJQW4zsxGl6FjU6Vu7zSHtJgoLD1Vc65P
d3dFbnrTL76CPELe9gTnxngBKTZstWGxOFGB3m7Tiwrs2/fl9BRoIyEI9vE43DWK
bbRhnupK7kYJidCGDugmprVBqoIYvm24fLUDbO9rY1eJYp5nqrtO13U7HBto4w+V
Z2QzUFKZsXZzyl4d/3kil97rwMCIedFds7lgDSQ9dupEkTRiF2L7TZnBgOCL2iLA
sUKTD89O4cMDwNSC8DQneWNxJh+3lh+esJGU5gGIF9/DD0l73ZuSBO2sQhwGIDM=
=qhNk
-----END PGP SIGNATURE-----