Thoughts - snoj/DrinkAllTheMilk GitHub Wiki

This could happen on the thumb drive volume, but also the en-shad.img file, destroying both. The only way to prevent this would be to not pull out the drive until after signing in and to umount before leaving the computer alone. Both options have scenarios that don't play well with the idea of identifying device that should be easily added or removed.

Currently I have no idea what filesystem, if any, would offer the best handling of hard device removal.

I can't think of a good way to have en-shad.img span multiple devices and keep with the two factor auth theme.

If we keep a local up-to-date copy, we could test for the presence and timestamp of one on a thumb drive and copy the newer version over. However this would kind of take away from having a usb device that holds our credentials. I would suppose that having en-shad encrypted allows for multiple copies to exist in multiple places. Only those that share the same skey would work anyway.