Antw: [EXT] Re: Disallowing fingerprint authentication if pam_systemd_home.so needs a password

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

>>> juice <juice@xxxxxxxxxxx> schrieb am 25.04.2022 um 17:03 in Nachricht
<4CBF03CA-7A0A-4DBE-AD00-C6F3938FFB55@xxxxxxxxxxx>:

> 
> 25. huhtikuuta 2022 16.39.56 GMT+03:00 Benjamin Berg 
><benjamin@xxxxxxxxxxxxxxxx> kirjoitti:
>>On Mon, 2022-04-25 at 13:28 +0200, Lennart Poettering wrote:
>>> 
>>> Hmm, not sure I follow? I don't know how fingerprint flow of control
>>> is. Is this about authentication-by-fingerprint? Or already about
>>> user-selection-by-fingerprint?
>>
>>I was just thinking of authentication-by-fingerprint. Though I don't
>>think it makes a big difference here.
>>
> 
> Using fingerprint for *authentication* is totally broken concept which 
> should never be allowed.

Why? Is a PIN any better?

> Fingerprints are *userid*, never *password*.
> 
> We leave our fingerprints lying around all the time, and given malicious 
> enough adversaries they might as well take our fingers too. (I sure would 
> like to avoid that possibility!!)

So you are saying users leave themselves lying around everywhere? ;-)

> 
> Fingerprints can be used on place of username, that is OK and does not 
> present similar risks.

Fingerprints are mote than a userid IMHO.

> 
>   - Juice -
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux