|
I was really proud of my son when he shoulder surfed the unlock code for my phone at the age of 10. He has physical access to all my hardware.
|
#
?
Dec 2, 2013 20:37
|
|
|
|
| # ? May 17, 2024 23:24 |
|
|
Zombywuf posted:User turns their back for just long enough for someone to type "cat /totally/secure/password/store". You're assuming that the user also has root access, I take it?
|
|
#
?
Dec 2, 2013 20:40
|
|
|
Suspicious Dish posted:You're assuming that the user also has root access, I take it? The security level accessed by that authentication token is available to the user without root privileges. In the scheme being described it means that a laptop left alone for a minute has the keys to the kingdom available to anyone who wants them. Automated exploitation also becomes much easier, there's basically an exploit API.
|
|
#
?
Dec 2, 2013 20:50
|
|
|
Zombywuf posted:The security level accessed by that authentication token is available to the user without root privileges. Huh? The authentication agent which retrieves the password as part of the login process (pam_unsuck) has root privileges. The user doesn't have free access to that authentication token.
|
|
#
?
Dec 2, 2013 21:06
|
|
|
Suspicious Dish posted:Huh? The authentication agent which retrieves the password as part of the login process (pam_unsuck) has root privileges. The user doesn't have free access to that authentication token. The goal here, appears to be "allowing" the user to just shove all their passwords into the keyring which unlocks on login. This means anyone with physical access to a machine, even for a moment, that has been logged in to is wide open for exploitation. The token itself may not be open (I assume no-one is daft enough to allow storing the sudo pass in the unlocked keyring, well I hope so) but if you can do everything with it you would otherwise be able to do if you actually had it then you don't need the actual token.
|
|
#
?
Dec 2, 2013 21:17
|
|
|
fritz posted:you sure l/L/fancyL are variables and not spaces or w/ever l is a single layer, L is the whole set of layers, script L is what the author writes when he wants to indicate l but there are 1s and other ls in the same part of the formula for either variable names or iterators
|
|
#
?
Dec 2, 2013 21:38
|
|
|
The goal here is to allow passwordless methods of authentication, such as autologin and fingerprint, that allows the user to login through alternative methods, and have access to all their data without additional prompts. Yes: a currently open session as a user will offer you to perform actions as if you are the user. I'm not sure what's so groundbreaking or broken about this. People can send emails as you, tweet as you, and (thankfully) post to these forums as you. If you're away from your computer, lock your session. It's a simple keybinding (either Ctrl+Alt+L or Super+L work fine)
|
|
#
?
Dec 2, 2013 21:39
|
|
|
Suspicious Dish posted:The goal here is to allow passwordless methods of authentication, such as autologin and fingerprint, that allows the user to login through alternative methods, and have access to all their data without additional prompts. This is kinda like making a car you can use without having to find your keys. quote:Yes: a currently open session as a user will offer you to perform actions as if you are the user. I'm not sure what's so groundbreaking or broken about this. People can send emails as you, tweet as you, and (thankfully) post to these forums as you. Posting to the forums as me I don't care about anywhere near as much as spend money as me or send signed emails as me.
|
|
#
?
Dec 2, 2013 21:46
|
|
|
it is almost as if Zombywuf has literally no idea how the Windows Data Protection API or the iOS/OS X Keychain Services work.
|
|
#
?
Dec 2, 2013 21:50
|
|
|
Zombywuf posted:This is kinda like making a car you can use without having to find your keys. Besides the part where you actually have to log in, sure. Yes, somebody can drive your car if you don't lock it and leave the keys in it.
|
|
#
?
Dec 2, 2013 21:53
|
|
|
|
|
#
?
Dec 2, 2013 21:54
|
|
|
pseudorandom name posted:it is almost as if Zombywuf has literally no idea how the Windows Data Protection API or the iOS/OS X Keychain Services work. It's almost as if Gnome has nothing to do with these.
|
|
#
?
Dec 2, 2013 21:55
|
|
|
Suspicious Dish posted:Besides the part where you actually have to log in, sure. Yes, somebody can drive your car if you don't lock it and leave the keys in it. You mean I have to use my keys *every time* I want to use my car?
|
|
#
?
Dec 2, 2013 21:56
|
|
|
You can leave the keys in it if you're feeling risky or if you're comfortable nobody will take it (I leave my keys in the car when I park my car in the garage. No, this isn't an analogy), but yes, you need to lock up your machinery when you're in a place where you feel like you aren't safe. I don't see how this is any different from Windows or OS X.
|
|
#
?
Dec 2, 2013 22:00
|
|
|
Suspicious Dish posted:I don't see how this is any different from Windows or OS X. it isn't. well, except they have TPM support, which means in addition to a user-specific protected storage encrypted using a key derived from the user's password, they also have a machine-specific protected storage encrypted using a randomly generated key that is stored in a location that can only be accessed by OS software satisfying the TPM's chain-of-trust requirements
|
|
#
?
Dec 2, 2013 22:05
|
|
|
Suspicious Dish posted:If you're away from your computer, lock your session. It's a simple keybinding (either Ctrl+Alt+L or Super+L work fine) seriously this is one of those bogus you're-already-past-the-airlock things raymond chen is always bitching about
|
|
#
?
Dec 2, 2013 22:34
|
|
|
like, seriously zombywuf, if you have any suggestions about making it more secure, we're all ears. but allowing the user to login with fingerprint and then showing a password dialog immediately after is not a good user experience. the user chose not to log in with a password! also: <Jasper> I have a field complaint from a user who's mad about seahorse. <Jasper> """I use GPG, I get a passphrase prompt - so far so good. I use it again: no prompt. No options to enable Seahorse to make it forget. No options to time it out. No options to disable the drat thing on launch. Everything depends on it. gpg-agent already running, no problem Seahorse will just take over. I HAVE A STRONG PASSPHRASE I HAVE GONE TO THE TROUBLE OF REMEMBERING AND SEAHORSE IS RENDERING IT WORTHLESS.""" <stefw> ... <stefw> nothing to do with seahorse per-se ... but yeah, that is a use case we don't cover very well <stefw> without disabling the gpg prompt <stefw> i'm not against such an option though
|
|
#
?
Dec 2, 2013 23:20
|
|
|
Tiny Bug Child posted:seriously this is one of those bogus you're-already-past-the-airlock things raymond chen is always bitching about tbc was... right???????
|
|
#
?
Dec 2, 2013 23:21
|
|
|
i refuse to loving believe tbc reads the old new thing
|
|
#
?
Dec 2, 2013 23:26
|
|
|
Share Bear posted:l is a single layer, L is the whole set of layers, script L is what the author writes when he wants to indicate l but there are 1s and other ls in the same part of the formula for either variable names or iterators it should be almost immediately obvious why this is dumb. any moderately complicated problem becomes a complete mess of trying to hunt down parenthesis, tracking tons of stuff over multiple lines, and other poo poo. you can start simplifying equations by chunking it up into other variables, but then you have to somehow describe them and have the same abstraction problem. just read the text around the equations, god drat challenge: rewrite maxwell's equations with verbose variable names. probably also need to unpack and redefine the gradient operator, i guess without special notation for derivatives because thats also too hard. then solve some simple problems, then try to solve some graduate level E&M problems
|
|
#
?
Dec 2, 2013 23:51
|
|
|
Otto Skorzeny posted:i refuse to loving believe tbc reads lol i thought that was tef
|
|
#
?
Dec 2, 2013 23:57
|
|
|
someone needs to buy tef and shaggar their old avatars now that we're used to the new ones
|
|
#
?
Dec 3, 2013 00:02
|
|
|
Suspicious Dish posted:like, seriously zombywuf, if you have any suggestions about making it more secure, we're all ears. but allowing the user to login with fingerprint and then showing a password dialog immediately after is not a good user experience. the user chose not to log in with a password! There is no way to make fingerprints secure. For my use case, I would like Thunderbird to ask me for my passphrase every time it wants to sign a message as me. Basically I want the timeout option back in. I'd like Gnome to stop impersonating GPG agent like they own the entire loving stack. I am not the only one http://askubuntu.com/questions/349238/how-can-i-clear-my-cached-gpg-password
|
|
#
?
Dec 3, 2013 00:10
|
|
|
Zombywuf posted:There is no way to make fingerprints secure. we all know this, but fingerprint login are required by gov't agencies. they're dumb and stupid, but it's a sell to them. the user chose to be "insecure" like with passwordless login (i don't have any password on my user account on my laptop -- its all disk encryption, which is more secure), we shouldn't bother them any longer. the same thing will be true with non-local logins. something people are asking us for is a chrome-like system where you auth with your google account, and enterprise login is another case to think about stef already filed a bug for the option to have the gnome-keyring daemon not save your gpg key password.
|
|
#
?
Dec 3, 2013 00:19
|
|
|
making your poo poo insecure to get government $$$ seems counterintuitive somehow
|
|
#
?
Dec 3, 2013 00:25
|
|
|
yep. fingerprint auth is super dumb, but its "the future" to a ton of places (not just the govt), and we have to support it. those places are less secure, but imo its not our place to tell them what they can / cant do.
|
|
#
?
Dec 3, 2013 00:42
|
|
|
and tbh its probably better than the passwords that those people would choose anyway
|
|
#
?
Dec 3, 2013 00:43
|
|
|
Suspicious Dish posted:stef already filed a bug for the option to have the gnome-keyring daemon not save your gpg key password. Cool, although this has lead me to look at the current outstanding bugs, I'm sad now.
|
|
#
?
Dec 3, 2013 00:45
|
|
|
are you guys saying thumbprint auth is bad cause thumbs are stealable/thumbprint readers aren't very good or do you think the resulting scan data cant be stored securely ?
|
|
#
?
Dec 3, 2013 00:51
|
|
|
clearly what i want for a secure authentication mechanism that proves it's me is something that is on everything i touch, ever also all of the above
|
|
#
?
Dec 3, 2013 00:53
|
|
|
Share Bear posted:l is a single layer, L is the whole set of layers, script L is what the author writes when he wants to indicate l but there are 1s and other ls in the same part of the formula for either variable names or iterators ugh, script L is a bad choice there, just put a hat on l IMO.
|
|
#
?
Dec 3, 2013 00:55
|
|
|
In some countries fingerprint readers became popular on cars to prevent carjackings. Carjackers started stealing fingers.
|
|
#
?
Dec 3, 2013 00:56
|
|
|
fritz posted:ugh, script L is a bad choice there, just put a hat on l IMO. hats are for unit vectors and estimates best imo is subscript and doing s != r type thing
|
|
#
?
Dec 3, 2013 00:58
|
|
|
do people at least have to scan their finger every time? at least ios does that i think
|
|
#
?
Dec 3, 2013 00:58
|
|
|
Suspicious Dish posted:i know you like to be snarky, but it's the interaction between user-resizable windows, different-sized content, and scrolled views that's hard. if you do it wrong, you'll lose the scrollbar's place on resize, or when you add new content, it will be in this tiny little window since the new content was meant to be in a larger window. it had a lot of issues when we tried it out with user testing, and most of them went away when we fixed the window size. "it's hard" is not a defense when your competitors have managed to do this since 1998 kde will happily let you resize your control panel while also supporting bidi text, arbitrarily high DPI, dozens of foreign scripts etc
|
|
#
?
Dec 3, 2013 02:46
|
|
|
Suspicious Dish posted:like, seriously zombywuf, if you have any suggestions about making it more secure, we're all ears. but allowing the user to login with fingerprint and then showing a password dialog immediately after is not a good user experience. the user chose not to log in with a password! admitting that you can't be arsed to support a use case is not the same as actually, you know, supporting the loving use case gnome 3 does less than gnome 2 did. it does less than kde 4 currently does. it's just a really awkward environment
|
|
#
?
Dec 3, 2013 02:48
|
|
|
Notorious b.s.d. posted:admitting that you can't be arsed to support a use case is not the same as actually, you know, supporting the loving use case i said i would relay it to stefw and post the results. a bug has been filed, and patches are being worked on. i cant promise a complete feature an hour after it's requested.
|
|
#
?
Dec 3, 2013 02:49
|
|
|
Notorious b.s.d. posted:"it's hard" is not a defense when your competitors have managed to do this since 1998 last time i tried this, it kept forgetting my scroll window position when i went to/from pages, and kept resizing itself when there was new content so it would fit itself on the screen anyway. browsers have the same problem too. i'm not saying it's technologically impossible, just saying it's really hard to provide something that feels clean to the user. the new control center shell rewrite will be a resizeable window.
|
|
#
?
Dec 3, 2013 02:51
|
|
|
Shaggar posted:are you guys saying thumbprint auth is bad cause thumbs are stealable/thumbprint readers aren't very good or do you think the resulting scan data cant be stored securely ? the former how do you revoke a thumbprint after it gets uploaded to the pirate bay?
|
|
#
?
Dec 3, 2013 02:54
|
|
|
|
| # ? May 17, 2024 23:24 |
|
|
"trust me, we're going to do all the hard-but-necessary stuff in the re-write" --gnome 3
|
|
#
?
Dec 3, 2013 02:57
|
|
