Re: Stale proven packagers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Gary Buhrmaster wrote:
> Arguably those with elevated access (provenpackagers(*))
> should be required to use a hardware token such
> as a FIDO2 authenticators with biometrics and/or
> PIN required

I'm in favor of complementing the FAS passphrase with a second factor.

I'm against any attempt to require biometrics. These are my reasons:

· Biometric identifiers aren't cleanly separated from identity. They
are more akin to your username than to your passphrase. A random key or
a passphrase can be revoked and replaced if it gets out. Fingers and
faces are very difficult to replace. And yes they can get out. Once
your fingerprint has been scanned and turned into data, those data can
be copied like any other secret. You also leave your fingerprints on
everything you touch.

· Such a requirement is unenforceable. A client can never prove to a
server that it has a certain piece of hardware. It can only prove that
it knows a certain secret – or two secrets since we're talking about
two-factor authentication. Whether the secrets are stored on a hard
disk, in a Yubikey, in somebody's brain or in somebody's retina, is
unknown to the server. Before authentication it must be assumed that
the client may be an attacker who is lying about everything they can
lie about. Some protocol might allow the client to claim that it used a
fingerprint reader, but as far as the server knows the attacker might
just be using a stored scan of the real user's fingerprint.

· Biometrics is low-grade security for use where convenience takes
precedence. If somebody can't remember a good PIN, then it's better for
them to unlock their phone with their fingerprint than to choose "0000"
for their PIN. Strong crypto keys and hardware tokens are better where
security requirements are higher, like in two-factor authentication.
Requiring biometrics is effectively the same as prohibiting stronger
authentication methods, which is a stupid thing to do.

Björn Persson

Attachment: pgpRH1vhtGKNo.pgp
Description: OpenPGP digital signatur

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux