Subject: Re: cgd and 2-factor keys
To: Jan Danielsson <jan.danielsson@gmail.com>
From: Roland Dowdeswell <elric@imrryr.org>
List: tech-security
Date: 04/10/2006 14:42:29
On 1144624904 seconds since the Beginning of the UNIX epoch
Jan Danielsson wrote:

Mount up the usb drive and store the parameters file there.  Generate
it with:

	$ cgdconfig -g -k pkcs5_pbkdf2/sha1 -k storedkey aes-cbc 256

The two `-k' options will cause 2 key generation sections to be
defined.  The first is your passphrase based authentication and
the next is a key that is simply stored in the parameters file.

The results of both key generation methods will be XOR'ed to produce
the final key when you configure the CGD.

With the storedkey section, the parameters file will be necessary
to reproduce the key and hence the file itself becomes the second
factor on your two factor authentication.  If it is stored only
on the USB dongle, then the dongle is the second factor.

Make absolutely sure that this file is not written anywhere else,
of course.

(You can do the same trick with multiple -k's for multiple passphrases
if desired.)

--
    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/
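As an added illustration of the scheme Roland describes (this is not cgd's own code, and it does not reproduce cgdconfig's on-disk parameters format): a small Python model of the two `-k' sections, with the passphrase-derived PBKDF2 key and the stored key XOR'ed into the final key, and a configure step that cannot proceed when the parameters file is missing. The iteration count, salt size and all function names are assumptions.

```python
import hashlib
import os
from typing import Optional

KEY_BITS = 256          # matches the "aes-cbc 256" in the cgdconfig command
KEY_LEN = KEY_BITS // 8
PBKDF2_ITERS = 200_000  # assumed value; cgdconfig picks its own iteration count


def passphrase_key(passphrase: str, salt: bytes, iters: int) -> bytes:
    """First -k section (pkcs5_pbkdf2/sha1): key material derived from the passphrase."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), salt, iters, dklen=KEY_LEN)


def generate_params() -> dict:
    """Model of 'cgdconfig -g': the parameters file holds the PBKDF2 salt/iterations
    and, for the storedkey section, a random key written verbatim into the file."""
    return {"salt": os.urandom(16), "iters": PBKDF2_ITERS, "storedkey": os.urandom(KEY_LEN)}


def combine(*section_keys: bytes) -> bytes:
    """XOR every section's output into the final disk key.  Either input alone
    reveals nothing about the result: a single missing factor leaves a uniformly
    random mask over the key."""
    out = bytes(KEY_LEN)
    for k in section_keys:
        if len(k) != KEY_LEN:
            raise ValueError("every section must yield a full-length key")
        out = bytes(a ^ b for a, b in zip(out, k))
    return out


def configure(params: Optional[dict], passphrase: str) -> bytes:
    """Model of configure time: the parameters file (on the dongle) and the
    passphrase are both required to reproduce the disk key."""
    if params is None:
        raise FileNotFoundError("parameters file not present: second factor missing")
    pk = passphrase_key(passphrase, params["salt"], params["iters"])
    return combine(pk, params["storedkey"])


if __name__ == "__main__":
    p = generate_params()               # constructed sample, as if written to the dongle
    key = configure(p, "correct passphrase")
    assert key == configure(p, "correct passphrase")
    assert key != configure(p, "wrong passphrase")
    print("disk key:", key.hex())
```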