Re: Questions about encrypting user homes by default




On Tue, Sep 24, 2019 at 9:27 PM Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote:
>
> On Tue, Sep 24, 2019 at 3:32 PM Frantisek Zatloukal <fzatlouk@xxxxxxxxxx> wrote:
> >
> > So, as I understand that, enforcing per-user encryption is not going to prevent anybody from having automatic login?
>
> It's a really good question. They are mutually exclusive because to
> combine them is absurd.

Small clarification. The case where plymouth presents a box for the
user to enter a passphrase, with GNOME Shell user account set to
autologin, is not what I'm talking about. That's not really autologin,
even if it uses an autologin setting. In this case:

a. user interaction is mandatory
b. passphrase is forwarded to gnome-shell for login
c. passphrase is not stored

Authentication is still happening. Passphrase only is slightly weaker
than user selection plus passphrase. But it's authentication
nevertheless.

Whereas the case I'm referring to as absurd is:

a. no user interaction, expressly unattended autologin
b. The user data home encryption passphrase must somehow be stored;
there could be indirection by encrypting it in some wrapper that
includes a DEK and KEK, but the user passphrase is still trivially
obtainable by necessity of a.)

No authentication happens, and also the user's passphrase is exposed.
I think this use case is invalid, shouldn't be implemented, and in
fact should be blocked. Like if someone were to figure out a way to
make it possible, it's a possible vulnerability.

-- 
Chris Murphy
_______________________________________________
desktop mailing list -- desktop@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to desktop-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/desktop@xxxxxxxxxxxxxxxxxxxxxxx
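The two cases Chris contrasts above (passphrase typed at boot and then dropped, versus expressly unattended autologin where the passphrase has to live on disk behind a DEK/KEK wrapper) can be made concrete with a small model. The following is an added example, not code from Fedora, GNOME or any home-encryption project: the wrapping primitive is an HMAC-SHA256 keystream XOR plus a MAC standing in for a real AEAD, the "disk" is a dict standing in for files on the root filesystem, and the function names are hypothetical. It shows that the wrapper layer buys nothing once the wrapping key must itself be readable with no user input, which is exactly the "by necessity of a.)" point.

```python
"""Toy model: encrypted user home with and without unattended autologin.

Added example for illustration only; not the code of any real login stack.
"""
import hashlib
import hmac
import os


def kdf(passphrase: str, salt: bytes) -> bytes:
    """Derive a 32-byte key-encryption key (KEK) from the user's passphrase."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, 32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(key: bytes, blob: bytes) -> bytes:
    """Inverse of wrap(); raises ValueError on a wrong key or a tampered blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def provision_home(passphrase: str):
    """Create an encrypted home. Returns (what is written to disk, the DEK).

    On disk: a KDF salt and the DEK wrapped under KEK = kdf(passphrase, salt).
    Neither the passphrase nor the KEK is stored anywhere.
    """
    salt = os.urandom(16)
    dek = os.urandom(32)
    disk = {"salt": salt, "wrapped_dek": wrap(kdf(passphrase, salt), dek)}
    return disk, dek


def unlock_interactive(disk: dict, passphrase: str) -> bytes:
    """Boot-time prompt case: the passphrase is supplied, used, and not retained."""
    return unwrap(kdf(passphrase, disk["salt"]), disk["wrapped_dek"])


def enable_unattended_autologin(disk: dict, passphrase: str) -> dict:
    """The unattended case: nothing can be typed, so the passphrase must be on disk.

    Wrapping it under a second key is indirection only: that key has to be
    readable with no user input, so in this model it sits right next to the blob.
    """
    autologin_key = os.urandom(32)  # necessarily stored where boot can read it
    new = dict(disk)
    new["autologin_key"] = autologin_key
    new["wrapped_passphrase"] = wrap(autologin_key, passphrase.encode())
    return new


def boot_unattended(disk: dict) -> bytes:
    """What the login stack would do at boot with nobody present."""
    passphrase = unwrap(disk["autologin_key"], disk["wrapped_passphrase"]).decode()
    return unlock_interactive(disk, passphrase)


def attacker_with_disk_image(disk: dict):
    """Offline attacker holding a copy of the filesystem.

    Returns (passphrase, dek) when autologin material is present, else None:
    without it the attacker is left guessing the passphrase offline.
    """
    if "autologin_key" not in disk:
        return None
    # Same steps as boot_unattended(): the attacker has everything boot has.
    passphrase = unwrap(disk["autologin_key"], disk["wrapped_passphrase"]).decode()
    return passphrase, unlock_interactive(disk, passphrase)


if __name__ == "__main__":
    disk, dek = provision_home("correct horse")
    print("interactive, attacker gets:", attacker_with_disk_image(disk))
    auto = enable_unattended_autologin(disk, "correct horse")
    print("unattended, attacker gets passphrase:", attacker_with_disk_image(auto)[0])
```

The design choice to note is that `attacker_with_disk_image()` is literally `boot_unattended()` with a different caller: whatever material lets an unattended boot unlock the home also lets anyone who can read the disk do the same, and because what is stored is the passphrase itself (the login stack needs it for the user's session), the attacker recovers that too, not just the DEK.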