Re: Yubikeys are now supported

On Thu, 7 Oct 2010, Mike McGrath wrote:

>>> We also decided to allow yubikeys as an authentication option for the
>>> larger community to some hosts and services like fedorapeople.org or
>>> https://admin.fedoraproject.org/community/.  When asked for a password,
>>> just use your yubikey to generate an OTP instead.  Those wishing to use one
>>> may purchase a yubikey on their own at:

> I suspect it'd be worth it to see if we could get one for Fedora.

I have one and I've played with it in Fedora. There is however an important
catch. The server and the yubikey share the same AES symmetric key. This means
that if the yubikey is used for multiple sites by one user, that user is sharing
his "private key" over various external sites.

So if fedoraproject would accept it, and the same user uses this yubikey for
another site, and that other site gets hacked, then fedoraproject could be
hacked as well.

I guess in a way it is like using the same password, but people might not be
thinking of that when they have a "device" on them that they use.

Paul
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel