On Sat, Dec 26, 2020 at 10:54 PM Björn Persson <Bjorn@rombobjörn.se> wrote:
>
> Gary Buhrmaster wrote:
> > Arguably those with elevated access (provenpackagers(*))
> > should be required to use a hardware token such
> > as a FIDO2 authenticator with biometrics and/or
> > PIN required
>
> I'm in favor of complementing the FAS passphrase with a second factor.
>
> I'm against any attempt to require biometrics. These are my reasons:

He did say "and/or", and there's been no official proposal for biometrics, and I very much doubt there will be. I don't see the point in it.

> · Biometric identifiers aren't cleanly separated from identity. They
> are more akin to your username than to your passphrase. A random key or
> a passphrase can be revoked and replaced if it gets out. Fingers and
> faces are very difficult to replace. And yes they can get out. Once
> your fingerprint has been scanned and turned into data, those data can
> be copied like any other secret. You also leave your fingerprints on
> everything you touch.
>
> · Such a requirement is unenforceable. A client can never prove to a
> server that it has a certain piece of hardware. It can only prove that
> it knows a certain secret – or two secrets since we're talking about
> two-factor authentication. Whether the secrets are stored on a hard
> disk, in a Yubikey, in somebody's brain or in somebody's retina, is
> unknown to the server. Before authentication it must be assumed that
> the client may be an attacker who is lying about everything they can
> lie about. Some protocol might allow the client to claim that it used a
> fingerprint reader, but as far as the server knows the attacker might
> just be using a stored scan of the real user's fingerprint.
>
> · Biometrics is low-grade security for use where convenience takes
> precedence. If somebody can't remember a good PIN, then it's better for
> them to unlock their phone with their fingerprint than to choose "0000"
> for their PIN. Strong crypto keys and hardware tokens are better where
> security requirements are higher, like in two-factor authentication.
> Requiring biometrics is effectively the same as prohibiting stronger
> authentication methods, which is a stupid thing to do.
>
> Björn Persson
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
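The two points Björn makes about second factors, that a server only ever verifies knowledge of a secret and cannot tell where that secret is kept, and that a leaked secret is handled by revoking and replacing it, can be shown with a small challenge-response simulation. The following is an added illustration, not code from this thread or from Fedora's FAS; it uses an HMAC challenge-response as a stand-in for an authenticator's signature, and the `Server`, `HardwareToken` and `FileStoredKey` classes and all key material are constructed for the demo.

```python
import hmac
import hashlib
import secrets


class Server:
    """Relying party: holds one shared secret per account and checks
    challenge responses. It never learns where the client stores the
    secret; it only learns whether the response matches."""

    def __init__(self):
        self.secrets = {}   # username -> shared secret (constructed)
        self.pending = {}   # username -> outstanding challenge nonce

    def register(self, user, secret):
        self.secrets[user] = secret

    def revoke(self, user):
        # Remedy for a leaked key: delete it and enrol a fresh one.
        # Nothing about the user's body has to change.
        self.secrets.pop(user, None)

    def challenge(self, user):
        # Fresh random nonce per login so a captured response cannot
        # be replayed later.
        nonce = secrets.token_bytes(32)
        self.pending[user] = nonce
        return nonce

    def verify(self, user, response):
        nonce = self.pending.pop(user, None)   # each nonce is single-use
        secret = self.secrets.get(user)
        if nonce is None or secret is None:
            return False
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def respond(secret, nonce):
    """The only thing any client can do on the wire: prove it knows
    the secret by answering the nonce with it."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


class HardwareToken:
    """Models a token whose secret is sealed in the device and only used
    after the user proves presence (touch, PIN or a local biometric)."""

    def __init__(self, secret):
        self._secret = secret

    def answer(self, nonce, user_present=True):
        if not user_present:
            raise PermissionError("token requires user presence")
        return respond(self._secret, nonce)


class FileStoredKey:
    """The same secret read from a file on disk. Its response is
    byte-for-byte identical, so the server cannot distinguish the two."""

    def __init__(self, secret):
        self.secret = secret

    def answer(self, nonce):
        return respond(self.secret, nonce)


def run_scenario():
    """Run the exchanges and return a dict of outcomes (all True)."""
    server = Server()
    alice_secret = secrets.token_bytes(32)            # constructed demo key
    server.register("alice", alice_secret)

    token = HardwareToken(alice_secret)
    copied = FileStoredKey(alice_secret)               # same bytes, no hardware
    stranger = FileStoredKey(secrets.token_bytes(32))  # wrong secret

    results = {}
    results["token_accepted"] = server.verify(
        "alice", token.answer(server.challenge("alice")))
    results["file_copy_accepted"] = server.verify(
        "alice", copied.answer(server.challenge("alice")))
    results["wrong_secret_rejected"] = not server.verify(
        "alice", stranger.answer(server.challenge("alice")))

    # Replay: a response is worthless once its nonce has been consumed.
    nonce = server.challenge("alice")
    good = token.answer(nonce)
    server.verify("alice", good)
    results["replay_rejected"] = not server.verify("alice", good)

    # Revocation: after the secret is withdrawn even the real token fails
    # until a new secret is enrolled.
    server.revoke("alice")
    results["revoked_rejected"] = not server.verify(
        "alice", token.answer(server.challenge("alice")))
    return results


if __name__ == "__main__":
    for name, ok in run_scenario().items():
        print(f"{name}: {ok}")
```

The point of `token_accepted` and `file_copy_accepted` both being true is the one the quoted mail makes: what the server enforces is possession of the secret and freshness of the response, and where the client keeps that secret is a matter of policy on the client side, not something the server can check from the response alone.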