Quote from: MrVidalia on June 03, 2012, 10:33 am

Really, the only experience I have with yubikey is the "challenge-response" for software licensing, but they do have other modes: I have seen it used in websites as an authentication key, but the ONLY protection this offers you is against breaches of your password, like if you input your password to a fake banking site, then the hacker could not log on to the real bank site because they have no authentication key. A code is mathematically created, and with the breach of a one-use code they cannot generate another valid one without the yubikey. So for example, you have online banking. But still anyone can ask the bank what your account balance and transactions are; it only protects you from the hacker logging on.

I just read the use note on truecrypt with yubikey and this seems VERY much insecure. The password is stored; when the button is pushed it emulates a keyboard typing in the password. So e.g. now someone sees your yubikey, plugs it in to a usb keyboard log and they have your password in 1 second. There is NO verification, so the encryption does not determine if the yubikey was installed or the password typed in the keyboard. Compare to a java smartcard, in theory 2-way secure... but then whoever has the card can decrypt. Instead of this method, pick a strong password and write it only in your mind!

So it might be more secure to have multi-factor authentication for your encryption. E.g. enforced in the BIOS/TPM: require your TPM password to initialize, your smart card, fingerprint and a STRONG password only written in your mind... then everyone will wonder what secrets you have. Sometimes things hide best in plain sight, encrypted of course, like multiple hidden truecrypt volumes on plain disks.
Then remember, not only do you have the files created, there are all the small traces, browser history, cookies, so much small stuff: solve it with a fixed medium like a live DVD (best for privacy because no rewrite) or write-protected flash (secure in theory).

+1 to Mr Vidalia for an excellent post.

It's certainly true to say that you want to have multi-factor authentication for your encryption, i.e. something you have and something you know. Truecrypt already supports this procedure through use of keyfiles in combination with a password, and if you need help setting this up please do say so. However, the Yubikey site itself says that if the key is lost along with the encrypted machine then the data will be compromised - so much for multi factor security!

There are separate schools of thought on whether a live DVD or USB is more secure than an encrypted Operating System. Both methods are vulnerable to what is known as a "cold boot attack", where data can be harvested from RAM for a short time after a machine is powered down.

The other concern for me about using a live DVD would be where to keep information such as my GPG private key or Bitcoin wallet software. Of course you can encrypt a USB drive with Truecrypt and keep such programs on there, which you could load with a "Live" operating system.

V.