On Fri, Jan 9, 2009 at 10:33 PM, Jerry Amundson <jamundso@xxxxxxxxx> wrote:
> On 1/9/09, Gregory Maxwell <gmaxwell@xxxxxxxxx> wrote:
>> A central unspoofable password dialog does make sense for improving
>> security, Fedora isn't there yet… but CLI apps kicking you to some
>> external dialog for passwords is a necessary step to that end.
>
> And that's been proven by whom?

…

Perhaps you didn't understand what I was saying.

It is considered a reasonable goal by many that there ought to be a way for joe-average-user to be confident that when he is entering a password it isn't being entered into some spoof/trojan program.

There are a number of ways to accomplish this, for example: There could be a secure system level password entry box that requires a magic keypress to activate, and the keypress can't be intercepted by anything 'user level'. (The Windows NT press ctrl-alt-delete login box is an example of this.) Or, for example, the entry could be accomplished via a secure hardware device (such as a smartcard or external keypad) which communicates with a protected system level service. I'm sure you can imagine a few more possibilities.

Individual apps (be they CLI or GUI) prompting the user for their password inline is simply incompatible with that goal. If every little application has its own password prompts and password entry facilities the user can't be confident that the one he's talking to is the one he wants and isn't just some trojan.

This isn't to say that the one-password-dialog-to-rule-them-all must be obnoxious, focus stealing, etc. ... only that a particular security goal which you may or may not share requires the consistency of a singular password entry point.

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list