The idea is to use it for one-time-passwords verification generated by a yubikey (
www.yubico.com), so even if a hw keylogger or whatever gets your password it would be useless. However there are some problems:
1.) How to fit the one-time-password into the derived key for the encryption/decryption. The easiest scenario would probably be to use the OTP just as another layer before one has to enter the password the key is derived from for decryption.
2.) If the OTP is just another layer I dont know if it adds any security -> possible to just mount the volume without the OTP? Possible to prevent this if the encryption key is not derived from the OTP?
...havent given it too much thought - head filled with other problems
