Re: Stale proven packagers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Dec 26, 2020 at 10:54 PM Björn Persson <Bjorn@rombobjörn.se> wrote:
>
> Gary Buhrmaster wrote:
> > Arguably those with elevated access (provenpackagers(*))
> > should be required to use a hardware token such
> > as a FIDO2 authenticators with biometrics and/or
> > PIN required
>
> I'm in favor of complementing the FAS passphrase with a second factor.
>
> I'm against any attempt to require biometrics. These are my reasons:

He did say and/or and there's been no official proposal for
biometrics, and I very much doubt there will be, I don't see the point
in it.

> · Biometric identifiers aren't cleanly separated from identity. They
> are more akin to your username than to your passphrase. A random key or
> a passphrase can be revoked and replaced if it gets out. Fingers and
> faces are very difficult to replace. And yes they can get out. Once
> your fingerprint has been scanned and turned into data, those data can
> be copied like any other secret. You also leave your fingerprints on
> everything you touch.
>
> · Such a requirement is unenforceable. A client can never prove to a
> server that it has a certain piece of hardware. It can only prove that
> it knows a certain secret – or two secrets since we're talking about
> two-factor authentication. Whether the secrets are stored on a hard
> disk, in a Yubikey, in somebody's brain or in somebody's retina, is
> unknown to the server. Before authentication it must be assumed that
> the client may be an attacker who is lying about everything they can
> lie about. Some protocol might allow the client to claim that it used a
> fingerprint reader, but as far as the server knows the attacker might
> just be using a stored scan of the real user's fingerprint.
>
> · Biometrics is low-grade security for use where convenience takes
> precedence. If somebody can't remember a good PIN, then it's better for
> them to unlock their phone with their fingerprint than to choose "0000"
> for their PIN. Strong crypto keys and hardware tokens are better where
> security requirements are higher, like in two-factor authentication.
> Requiring biometrics is effectively the same as prohibiting stronger
> authentication methods, which is a stupid thing to do.
>
> Björn Persson
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux