Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-12 Thread John M. Harris Jr
On Wednesday, December 11, 2019 7:09:41 PM MST Kevin Kofler wrote: > John M. Harris Jr wrote: > > > To clarify a bit, the most common method of extracting a key from a TPM > > has been to simply desolder the TPM from the system and solder it onto > > another system. This works with the popular

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-12 Thread John M. Harris Jr
On Thursday, December 12, 2019 6:54:38 AM MST Marius Schwarz wrote: > On 06.12.19 at 21:04, Chris Murphy wrote: > > > swap being compromised. Case 2 is present day Fedora "full disk > > encryption" which does not lock down the bootloader, /boot volume is > > not encrypted, and thus the

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-12 Thread John M. Harris Jr
On Thursday, December 12, 2019 6:04:55 AM MST Marius Schwarz wrote: > because I already tried it ;) it's a tty problem with high secure ttys, > hvcsomething. That's the only one, the system accepts input from at > start, but with QEMU that tty isn't present. Adding the normal ttys to > the trusted

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-12 Thread John M. Harris Jr
On Thursday, December 12, 2019 4:56:04 AM MST Marius Schwarz wrote: > You mean, that when plymouth comes on, there is no real UI system that > could handle mouse events, which are needed > to simulate an osk. But that can't honestly be so much hassle, as we > don't need a full featured mouse

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-12 Thread Przemek Klosowski via devel
On 12/12/19 6:56 AM, Marius Schwarz wrote: On the other hand, as android is capable of FDE, they must have made some important changes that can be of use here. Right, because Android has full control of the entire boot process, so they only need the user input at the end where all the

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-12 Thread Simo Sorce
On Thu, 2019-12-12 at 03:09 +0100, Kevin Kofler wrote: > John M. Harris Jr wrote: > > To clarify a bit, the most common method of extracting a key from a TPM > > has been to simply desolder the TPM from the system and solder it onto > > another system. This works with the popular implementations.

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-12 Thread Marius Schwarz
On 06.12.19 at 21:04, Chris Murphy wrote: > swap being compromised. Case 2 is present day Fedora "full disk > encryption" which does not lock down the bootloader, /boot volume is > not encrypted, and thus the initramfs is vulnerable to a targeted > attack which could be used to deploy a key

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-12 Thread Marius Schwarz
On 07.12.19 at 01:09, Kevin Kofler wrote: > > Anaconda should encrypt /boot too. Calamares does it. GRUB supports it > FULL ACK. Marius

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-12 Thread Marius Schwarz
On 06.12.19 at 23:22, Chris Murphy wrote: > > Is it your position that encrypting ~/ alone is not an incremental > improvement? Are you suggesting it's necessary to assume Fedora > Workstation users are subject to targeted attacks? And therefore > install time default must encrypt /, /home, swap?

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-12 Thread Marius Schwarz
On 06.12.19 at 17:40, John M. Harris Jr wrote: > >> If the vm is paravirtualized ( i.e. Xen ) you can't even enter a >> plymouth password to unlock a drive. > Well, you can. Why wouldn't you be able to? because I already tried it ;) it's a tty problem with high secure ttys, hvcsomething. That's

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-12 Thread Marius Schwarz
On 06.12.19 at 17:33, John M. Harris Jr wrote: >> But plymouth ui needs to be changed anyway to get a working OSK, or >> tablets and mobiles are not able to use encryption. > What you're asking for would be incredibly difficult. It could be done, but > not with Plymouth, and not without

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-11 Thread Kevin Kofler
John M. Harris Jr wrote: > To clarify a bit, the most common method of extracting a key from a TPM > has been to simply desolder the TPM from the system and solder it onto > another system. This works with the popular implementations. Surely that is not a process that you want to advertise to end

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-10 Thread John M. Harris Jr
On Tuesday, December 10, 2019 12:05:52 PM MST Przemek Klosowski via devel wrote: > On 12/10/19 1:04 PM, Kevin Kofler wrote: > > > Przemek Klosowski via devel wrote: > > > >> 3) Multiple keys allow creating backup keys, preventing the data loss > >> scenario Kevin is worried about. Of course

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-10 Thread John M. Harris Jr
On Tuesday, December 10, 2019 10:53:39 AM MST Andreas Tunek wrote: > On Tue, 10 Dec 2019 at 15:36, John M. Harris Jr wrote > > Most users, just like most American and UK users, set their keyboard > > layout to their > > primary layout, and then don't change it, unless it's to try out Dvorak, > >

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-10 Thread Przemek Klosowski via devel
On 12/10/19 1:04 PM, Kevin Kofler wrote: Przemek Klosowski via devel wrote: 3) Multiple keys allow creating backup keys, preventing the data loss scenario Kevin is worried about. Of course this assumes that the UX for creating backup keys exists, and that people actually do that---but it's

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-10 Thread Kevin Kofler
Chris Murphy wrote: > I'm not sure how people are worried about trojans being injected into > an unencrypted root, while also not at all concerned about bootloader > malware, or malware injected into the initramfs or the hibernation > image - which upon resume replaces everything in RAM in favor

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-10 Thread Kevin Kofler
Przemek Klosowski via devel wrote: > 3) Multiple keys allow creating backup keys, preventing the data loss > scenario Kevin is worried about. Of course this assumes that the UX for > creating backup keys exists, and that people actually do that---but it's > possible in principle. The backup key

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-10 Thread Kevin Fenzi
So, this thread is now 175 posts long... The Orig change proposal has been rejected by FESCo. Perhaps we should just let this thread go now? kevin

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-10 Thread Andreas Tunek
On Tue, 10 Dec 2019 at 15:36, John M. Harris Jr wrote: > Most users, just like most American and UK users, set their keyboard > layout to their > primary layout, and then don't change it, unless it's to try out Dvorak, > Colemak, or another alternative keyboard layout for a bit, at which point >

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-10 Thread Nicolas Mailhot via devel
On Tuesday, 10 December 2019 at 07:36 -0700, John M. Harris Jr wrote: > Most users, > just like most American and UK users, set their keyboard layout to > their primary layout, and then don't change it, Actually, most non western users spend their time switching between several input methods, one

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-10 Thread John M. Harris Jr
On Monday, December 9, 2019 9:50:30 PM MST Chris Murphy wrote: > By all means keep doing what you are doing, however it works best for > you and the use cases you care about. I do not find your contribution > in this discussion constructive. It's emotional, opinionated, > demanding, stubborn, and

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-10 Thread John M. Harris Jr
On Tuesday, December 10, 2019 12:24:17 AM MST David Kaufmann wrote: > On Mon, Dec 09, 2019 at 09:25:06PM -0700, Chris Murphy wrote: > > The installer doesn't support such a configuration. No portion of the > > bootloader nor the boot volume, can be encrypted. > > I do consider this a bug, but as

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-09 Thread David Kaufmann
On Mon, Dec 09, 2019 at 09:25:06PM -0700, Chris Murphy wrote: > The installer doesn't support such a configuration. No portion of the > bootloader nor the boot volume, can be encrypted. I do consider this a bug, but as there is no stable solution for that right now we can't just "fix it". >

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-09 Thread Chris Murphy
On Mon, Dec 9, 2019 at 6:35 PM John M. Harris Jr wrote: > > On Monday, December 9, 2019 1:42:01 PM MST Chris Murphy wrote: > > The alternative, to put a fine point on it, would > > mean creating some small subset of the entire GNOME stack to stuff > > into the initramfs in order to provide input,

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-09 Thread Chris Murphy
On Mon, Dec 9, 2019 at 6:33 PM John M. Harris Jr wrote: > > On Monday, December 9, 2019 1:42:01 PM MST Chris Murphy wrote: > > I'm not sure how people are worried about trojans being injected into > > an unencrypted root, while also not at all concerned about bootloader > > malware, or malware

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-09 Thread John M. Harris Jr
On Monday, December 9, 2019 1:42:01 PM MST Chris Murphy wrote: > The alternative, to put a fine point on it, would > mean creating some small subset of the entire GNOME stack to stuff > into the initramfs in order to provide input, keymapping, and UI to > have the minimum a11y function and i18n

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-09 Thread John M. Harris Jr
On Monday, December 9, 2019 1:42:01 PM MST Chris Murphy wrote: > I'm not sure how people are worried about trojans being injected into > an unencrypted root, while also not at all concerned about bootloader > malware, or malware injected into the initramfs or the hibernation > image - which upon

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-09 Thread Przemek Klosowski via devel
On 12/6/19 10:02 PM, John M. Harris Jr wrote: On Friday, December 6, 2019 5:14:24 PM MST Kevin Kofler wrote: Marius Schwarz wrote: "Figure out intersection with current work to use the TPM to allow booting to GDM without entering the password." Means, if someone steals the device, he can

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-09 Thread Chris Murphy
On Mon, Dec 9, 2019 at 1:11 PM Przemek Klosowski via devel wrote: > > On 12/6/19 7:19 PM, Kevin Kofler wrote: > > Lennart Poettering wrote: > >> If you know where stuff is located you can change individual blocks in > >> files. You are not going to know what you are changing them to, but > >> you

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-09 Thread Przemek Klosowski via devel
On 12/6/19 7:19 PM, Kevin Kofler wrote: Lennart Poettering wrote: If you know where stuff is located you can change individual blocks in files. You are not going to know what you are changing them to, but you can change it and traditional files will not detect that you did that. Then you get

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-07 Thread David Kaufmann
On Fri, Dec 06, 2019 at 07:58:07PM -0700, John M. Harris Jr wrote: > Encrypting $HOME would certainly be "an incremental improvement", but it > shouldn't be done unless the user chooses to do it, and it probably shouldn't > be done using the same passphrase they use for their user account. That

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-07 Thread Kevin Kofler
John M. Harris Jr wrote: > On Friday, December 6, 2019 10:05:42 AM MST Przemek Klosowski via devel > wrote: >> Many systems have 8, 16 or even 32GB of RAM now. Mine has 16GB, and >> I regularly run out of memory because some Chrome tab is open to a >> website that keeps reloading ads and

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-07 Thread Kevin Kofler
John M. Harris Jr wrote: > That is simply not the case. While most new consumer x86_64 hardware comes > with UEFI on by default, unless it came with Windows installed, Secure > Boot is normally disabled. Unfortunately, most hardware out there comes preinfected with Window$. Kevin Kofler

Suspend-to-Disk vs Suspend-to-RAM (was: Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default)

2019-12-06 Thread James Cassell
(New thread since this is unrelated to the original subject.) On Fri, Dec 6, 2019, at 9:44 PM, John M. Harris Jr wrote: > On Friday, December 6, 2019 11:22:34 AM MST Chris Murphy wrote: > > On Fri, Dec 6, 2019 at 7:46 AM John M. Harris Jr > > wrote: [...] > It's simply false to say that

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread John M. Harris Jr
On Friday, December 6, 2019 5:14:24 PM MST Kevin Kofler wrote: > Marius Schwarz wrote: > > > "Figure out intersection with current work to use the TPM to allow > > booting to GDM without entering the password." > > > > Means, if someone steals the device, he can boot a system. > > > And

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread John M. Harris Jr
On Friday, December 6, 2019 3:22:48 PM MST Chris Murphy wrote: > Is it your position that encrypting ~/ alone is not an incremental > improvement? Are you suggesting it's necessary to assume Fedora > Workstation users are subject to targeted attacks? And therefore > install time default must

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread John M. Harris Jr
On Friday, December 6, 2019 11:22:34 AM MST Chris Murphy wrote: > On Fri, Dec 6, 2019 at 7:46 AM John M. Harris Jr > wrote: > > > > > > On Thursday, December 5, 2019 8:12:13 PM MST Chris Murphy wrote: > > > > > Using the word to be defined in the definition is insufficient and > > > vague. It's

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread John M. Harris Jr
On Friday, December 6, 2019 10:05:42 AM MST Przemek Klosowski via devel wrote: > Many systems have 8, 16 or even 32GB of RAM now. Mine has 16GB, and > I regularly run out of memory because some Chrome tab is open to a > website that keeps reloading ads and leaking memory, sometimes consuming >

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Kevin Kofler
Lennart Poettering wrote: > If you know where stuff is located you can change individual blocks in > files. You are not going to know what you are changing them to, but > you can change it and traditional files will not detect that you did that. Then you get unpredictable garbage as the result,

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Kevin Kofler
Marius Schwarz wrote: > "Figure out intersection with current work to use the TPM to allow > booting to GDM without entering the password." > > Means, if someone steals the device, he can boot a system. And conversely, if you move the hard disk to another computer, you can no longer read it.

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Kevin Kofler
Chris Murphy wrote: > Is it your position that encrypting ~/ alone is not an incremental > improvement? Are you suggesting it's necessary to assume Fedora > Workstation users are subject to targeted attacks? And therefore > install time default must encrypt /, /home, swap? And that this > targeted

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Kevin Kofler
Chris Murphy wrote: > Hibernation is out of scope to rely on, let alone make a default, for > at least the following reasons: [snip] > b. It's disabled by kernel lockdown on UEFI Secure Boot systems. This, in fact, is one more reason to disable Restricted Boot first thing, before doing anything

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Chris Murphy
On Fri, Dec 6, 2019 at 9:41 AM John M. Harris Jr wrote: > > On Friday, December 6, 2019 8:27:32 AM MST Marius Schwarz wrote: > > "Figure out intersection with current work to use the TPM to allow > > booting to GDM without entering the password." > > > > Means, if someone steals the device, he

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Przemek Klosowski via devel
On 12/6/19 11:40 AM, John M. Harris Jr wrote: Means, if someone steals the device, he can boot a system. Even if we assume that the system code is safe and there is no way to interrupt the boot process, we are now able to attack the login, which will be much easier than the encryption key, which

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Chris Murphy
On Fri, Dec 6, 2019 at 8:28 AM Marius Schwarz wrote: > > On 05.12.19 at 23:02, Chris Murphy wrote: > > read "LUKS by default" > > https://pagure.io/fedora-workstation/issue/82 > > If you read the whole thing, you should come to understand why the > initial agreement to implement full disk

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Lennart Poettering
On Fr, 06.12.19 18:58, Lata Lante (latala...@cock.li) wrote: > > If you use LUKS/dm-crypt without dm-integrity and you have a clue > > where things are located then you can change files without anything > > being able to detect that. (On btrfs you might have some luck, since > > it has data

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Lata Lante
> If you use LUKS/dm-crypt without dm-integrity and you have a clue > where things are located then you can change files without anything > being able to detect that. (On btrfs you might have some luck, since > it has data checksumming, but ext4 and other traditional file systems > do not). Of

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Chris Murphy
On Fri, Dec 6, 2019 at 7:46 AM John M. Harris Jr wrote: > > On Thursday, December 5, 2019 8:12:13 PM MST Chris Murphy wrote: > > Using the word to be defined in the definition is insufficient and > > vague. It's meaningless. > > > > Feature existence is not support. The community members make a

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Lennart Poettering
On Fr, 06.12.19 16:42, Marius Schwarz (fedora...@cloud-foo.de) wrote: > On 06.12.19 at 08:57, Lennart Poettering wrote: > > If you know where stuff is located you can change individual blocks in > > files. You are not going to know what you are changing them to, but > > you can change it and

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread James Cassell
On Fri, Dec 6, 2019, at 11:40 AM, John M. Harris Jr wrote: > Are you suggesting "translating", for lack of a better term, the passphrase > between all available keyboard layouts? That would decrease the effective > security of your system considerably.. > I'd suggest "translating" the

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Przemek Klosowski via devel
On 12/5/19 6:48 PM, John M. Harris Jr wrote: c. Resource requirements are excessive, there's no dynamic allocation so to be safe you need to allocate a minimum of 1x RAM for a swap partition used for a hibernation image. As a consequence, there's now an excessive amount of relatively slow swap

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread John M. Harris Jr
On Friday, December 6, 2019 8:27:32 AM MST Marius Schwarz wrote: > On 05.12.19 at 23:02, Chris Murphy wrote: > > read "LUKS by default" > > https://pagure.io/fedora-workstation/issue/82 > > > > If you read the whole thing, you should come to understand why the > > initial agreement to implement

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread John M. Harris Jr
On Friday, December 6, 2019 8:30:48 AM MST Marius Schwarz wrote: > It's not an ui issue, it's a keyboard layout issue. And therefore the ui > needs a change, to be able to select the keyboard layout the password was > entered with, which can differ from the one used on boot. Well, that's not

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Marius Schwarz
On 06.12.19 at 08:57, Lennart Poettering wrote: > If you know where stuff is located you can change individual blocks in > files. You are not going to know what you are changing them to, but > you can change it and traditional files will not detect that you did that. > That is correct, but I did

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Marius Schwarz
On 06.12.19 at 00:53, John M. Harris Jr wrote: > > There is really no UI/UX issue. It just needs to ask for a password for a key > to decrypt. That's it. The UI is limited to either: > 1, without Plymouth: A line in a framebuffer asking you to enter a password > 2, with Plymouth: A box in the

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Marius Schwarz
On 05.12.19 at 23:02, Chris Murphy wrote: > read "LUKS by default" > https://pagure.io/fedora-workstation/issue/82 > > If you read the whole thing, you should come to understand why the > initial agreement to implement full disk encryption was suspended, and > also that this issue has a history

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread John M. Harris Jr
On Friday, December 6, 2019 7:50:35 AM MST Marius Schwarz wrote: > On 05.12.19 at 21:21, Andreas Tunek wrote: > > On Thu, 5 Dec 2019, 02:11 John M. Harris Jr, > > > > wrote: > > Rebuild initramfs when the system-wide keyboard > > layout is changed. > > > >

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread John M. Harris Jr
On Friday, December 6, 2019 6:52:30 AM MST Marius Schwarz wrote: > If you just go and buy some cheap usb drives from a single seller, you > can end up with the same serial numbers on several drives and I'm not > surprised if they also clone any other IDs. The serial number doesn't actually matter,

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread John M. Harris Jr
On Friday, December 6, 2019 1:02:04 AM MST Lennart Poettering wrote: > On Do, 05.12.19 16:33, John M. Harris Jr (joh...@splentity.com) wrote: > > > > > Locking down the OS itself and locking down the user's home are two > > > different things, because OS integrity should be bound to different >

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Marius Schwarz
On 05.12.19 at 21:21, Andreas Tunek wrote: > On Thu, 5 Dec 2019, 02:11 John M. Harris Jr, > wrote: > > > Rebuild initramfs when the system-wide keyboard > layout is changed. > > > I change my keyboard layout several times every hour. > I had the wrong

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread John M. Harris Jr
On Thursday, December 5, 2019 8:12:13 PM MST Chris Murphy wrote: > Using the word to be defined in the definition is insufficient and > vague. It's meaningless. > > Feature existence is not support. The community members make a thing > supported, and it's only by community effort and

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Marius Schwarz
On 06.12.19 at 09:02, Lennart Poettering wrote: > > Humm, so you turn off gpg verification of RPMs you install? Nah, you > don't, because you put trust in Fedora that the RPMs they build are > somewhat safe to use. That's what vendor trust means. Since regular As the vendor supplies the

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Marius Schwarz
On 06.12.19 at 00:33, John M. Harris Jr wrote: > >> Uh, locking down USB like that doesn't really work. USB has no >> mechanism for recognizing devices securely, which means any whitelist >> is pointless because any device can claim to be whatever it wants to >> be. (And yes, it would be great if

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Marius Schwarz
On 05.12.19 at 21:40, Chris Murphy wrote: > > Hibernation is out of scope to rely on, let alone make a default, for > at least the following reasons: > a. It's not sufficiently well supported upstream for regressions that > may appear in new kernels, and not supported by the Fedora kernel > team.

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Nico Kadel-Garcia
On Fri, Dec 6, 2019 at 3:02 AM Lennart Poettering wrote: > Humm, so you turn off gpg verification of RPMs you install? Nah, you > don't, because you put trust in Fedora that the RPMs they build are > somewhat safe to use. That's what vendor trust means. Since regular > users (and even very

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Lennart Poettering
On Do, 05.12.19 16:33, John M. Harris Jr (joh...@splentity.com) wrote: > > Locking down the OS itself and locking down the user's home are two > > different things, because OS integrity should be bound to different > > mechanisms than user data encryption. (i.e. OS integrity should be > > bound

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Lennart Poettering
On Fr, 06.12.19 00:39, Kevin Kofler (kevin.kof...@chello.at) wrote: > Lennart Poettering wrote: > > No it does not protect against offline modification. That's why > > dm-integrity exists after all. > > How do you want to modify an encrypted file system without being able to > decrypt or encrypt

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Nico Kadel-Garcia
On Thu, Dec 5, 2019 at 9:02 AM John M. Harris Jr wrote: > Please don't recommend to anyone to use passwords for SSH. That is incredibly > insecure, and if privileged users are using password-based SSH, that'll > quickly lead to a serious compromise of your entire system, depending on the >

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Chris Murphy
On Thu, Dec 5, 2019 at 6:40 PM John M. Harris Jr wrote: > > On Thursday, December 5, 2019 6:17:16 PM MST Chris Murphy wrote: > > No it isn't. But as I've asked you for your definition of "support" > > and you still haven't, and I've offered my own and you haven't > > disputed it, I win. That's

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread John M. Harris Jr
On Thursday, December 5, 2019 6:17:16 PM MST Chris Murphy wrote: > On Thu, Dec 5, 2019 at 4:49 PM John M. Harris Jr > wrote: > > > > > > On Thursday, December 5, 2019 1:40:02 PM MST Chris Murphy wrote: > > > > > Hibernation is out of scope to rely on, let alone make a default, for > > > at least

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Chris Murphy
On Thu, Dec 5, 2019 at 4:49 PM John M. Harris Jr wrote: > > On Thursday, December 5, 2019 1:40:02 PM MST Chris Murphy wrote: > > Hibernation is out of scope to rely on, let alone make a default, for > > at least the following reasons: > > a. It's not sufficiently well supported upstream for

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread John M. Harris Jr
On Thursday, December 5, 2019 12:46:51 PM MST Chris Murphy wrote: > Therefore the feature is a no op for most users, who are unlikely to > enable file system discards using either method. This is Fedora, not Sugar on a Stick. Our users are not ignorant of modifying fstab, or similar. I wouldn't

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread John M. Harris Jr
On Thursday, December 5, 2019 3:02:48 PM MST Chris Murphy wrote: > On Thu, Dec 5, 2019 at 4:03 AM Marius Schwarz > wrote: > > > With FDE running and "Suspend-to-disk" selected in your screensaver > > settings, you get asked for your password on hw wakeup before your > > system gets back

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread John M. Harris Jr
On Thursday, December 5, 2019 1:40:02 PM MST Chris Murphy wrote: > Hibernation is out of scope to rely on, let alone make a default, for > at least the following reasons: > a. It's not sufficiently well supported upstream for regressions that > may appear in new kernels, and not supported by the

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread John M. Harris Jr
On Thursday, December 5, 2019 9:26:09 AM MST Przemek Klosowski via devel wrote: > On 12/4/19 6:59 PM, John M. Harris Jr wrote: > > On Wednesday, December 4, 2019 12:38:20 PM MST Przemek Klosowski via devel > > > > wrote: > >> - stolen/lost laptop: I think this is the most important one for most

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Kevin Kofler
Lennart Poettering wrote: > No it does not protect against offline modification. That's why > dm-integrity exists after all. How do you want to modify an encrypted file system without being able to decrypt or encrypt anything? Kevin Kofler

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread John M. Harris Jr
On Thursday, December 5, 2019 5:32:55 AM MST Lennart Poettering wrote: > > Where is the advantage of homed, considering, that only encrypting > > /home, is a major security flaw by itself. All your goals are > > already there and it's more useful and secure too :) I really have a > > problem

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Chris Murphy
On Thu, Dec 5, 2019 at 4:03 AM Marius Schwarz wrote: > With FDE running and "Suspend-to-disk" selected in your screensaver > settings, you get asked for your password on hw wakeup before your > system gets back running. If someone wants to use such things, he > already can. FDE depends on

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Chris Murphy
On Thu, Dec 5, 2019 at 5:07 AM Marius Schwarz wrote: > > Hi, > > On 25.11.19 at 22:59, Samuel Sieb wrote: > > > > Steps 1 - 4 are not benefits, they are workarounds to critical system > > utilities required by this change. I don't understand why this change > > is necessary at all. It only

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Chris Murphy
On Thu, Dec 5, 2019 at 8:57 AM Marius Schwarz wrote: > > On 05.12.19 at 13:32, Lennart Poettering wrote: > > Well, the way this has been traditionally done is that the lock screen > is displayed by a program running under the user's identity and that > the user's data is entirely unlocked the

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Andreas Tunek
On Thu, 5 Dec 2019, 02:11 John M. Harris Jr, wrote: > > > The user experience is nothing like data loss. The users are not stupid. > It's > fine that the keyboard layout for initramfs is only updated when initramfs > is > rebuilt. People don't change their primary keyboard layout very often. I >

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Chris Murphy
On Thu, Dec 5, 2019 at 8:04 AM Lennart Poettering wrote: > If you use LUKS/dm-crypt without dm-integrity and you have a clue > where things are located then you can change files without anything > being able to detect that. (On btrfs you might have some luck, since > it has data checksumming, but

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Kevin Fenzi
On Thu, Dec 05, 2019 at 07:02:08AM -0700, John M. Harris Jr wrote: > On Thursday, December 5, 2019 5:41:44 AM MST Nico Kadel-Garcia wrote: ...snip... > > In common usage, very few people encrypt their home directories > > separately from their basic disk image. It makes system management for > >

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Przemek Klosowski via devel
On 12/4/19 6:59 PM, John M. Harris Jr wrote: On Wednesday, December 4, 2019 12:38:20 PM MST Przemek Klosowski via devel wrote: - stolen/lost laptop: I think this is the most important one for most people; it is mitigated by a trusted-network-based decryption, unless the device is in

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Marius Schwarz
On 05.12.19 at 13:32, Lennart Poettering wrote: > Well, the way this has been traditionally done is that the lock screen > is displayed by a program running under the user's identity and that > the user's data is entirely unlocked the entire time during suspend, That depends on what you have

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Lennart Poettering
On Thu, 05.12.19 15:23, Kevin Kofler (kevin.kof...@chello.at) wrote: > Lennart Poettering wrote: > > Uh, first of all plain full disk encryption like we set it up > > typically on Fedora provides confidentiality, not integrity. > > Well, it does protect against offline modification (i.e., "borrow"

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Kevin Kofler
Nico Kadel-Garcia wrote: > Let's not go too far down the "gummy fingerprint" thread. If a > sophisticated person has your laptop, they probably have your > fingerprints, and very few fingerprint scanners successfully resist a > duplicated and printed fingerprint. We were talking about SSH key

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Kevin Kofler
Lennart Poettering wrote: > Uh, first of all plain full disk encryption like we set it up > typically on Fedora provides confidentiality, not integrity. Well, it does protect against offline modification (i.e., "borrow" the computer or the storage devices, put the storage devices into another

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread John M. Harris Jr
On Thursday, December 5, 2019 7:07:04 AM MST Neal Gompa wrote: > Please don't suggest that password-based auth for SSH is insecure. > That's not even close to true. A password isn't terribly different > from an SSH key from an authentication perspective. If the password is > strong or hard to

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Neal Gompa
On Thu, Dec 5, 2019 at 9:02 AM John M. Harris Jr wrote: > > On Thursday, December 5, 2019 5:41:44 AM MST Nico Kadel-Garcia wrote: > > If someone wants to spend that much of their resources on homedir > > security, they need to decide whether they want SSH key based access. > > That is manageable

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread John M. Harris Jr
On Thursday, December 5, 2019 5:07:04 AM MST Marius Schwarz wrote: > Hi, > > On 25.11.19 at 22:59, Samuel Sieb wrote: > > > > > > > Steps 1 - 4 are not benefits, they are workarounds to critical system > > utilities required by this change. I don't understand why this change > > is necessary

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread John M. Harris Jr
On Thursday, December 5, 2019 5:53:18 AM MST Nico Kadel-Garcia wrote: > On Wed, Dec 4, 2019 at 9:24 PM John M. Harris Jr > wrote: > > > > > > On Wednesday, December 4, 2019 6:02:07 PM MST Kevin Kofler wrote: > > > > > John M. Harris Jr wrote: > > > > > > > > > > > > > Well, you could

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread John M. Harris Jr
On Thursday, December 5, 2019 5:35:09 AM MST Lennart Poettering wrote: > On Thu, 05.12.19 04:30, John M. Harris Jr (joh...@splentity.com) wrote: > > Well, you are, in that the average attacker have to break or steal a key > > to decrypt the drive first. Sure, it wouldn't stop a sophisticated > >

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread John M. Harris Jr
On Thursday, December 5, 2019 5:41:44 AM MST Nico Kadel-Garcia wrote: > If someone wants to spend that much of their resources on homedir > security, they need to decide whether they want SSH key based access. > That is manageable by configuring SSH to store SSH public keys in an > alternate

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Nico Kadel-Garcia
On Wed, Dec 4, 2019 at 9:24 PM John M. Harris Jr wrote: > > On Wednesday, December 4, 2019 6:02:07 PM MST Kevin Kofler wrote: > > John M. Harris Jr wrote: > > > > > Well, you could theoretically use ssh-agent (or equivalent), without > > > changing the protocol in any way. > > > > > > You need

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Nico Kadel-Garcia
On Wed, Dec 4, 2019 at 6:01 AM Lennart Poettering wrote: > (One thinkable extension of homed's current model btw is to support > logind lingering by asking for the user pw using plymouth. this would > then mean you'd be asked to unlock your user during early boot like as > with classic disk

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Lennart Poettering
On Thu, 05.12.19 04:30, John M. Harris Jr (joh...@splentity.com) wrote: > > Unless you combine dm-crypt with dm-integrity (which we currently > > generally do not do), or you use dm-verity you are not actually > > protecting the OS from undetected modification. > > Well, you are, in that the

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Lennart Poettering
On Thu, 05.12.19 12:02, Marius Schwarz (fedora...@cloud-foo.de) wrote: > With FDE running and "Suspend-to-disk" selected in your screensaver > settings, you get asked for your password on hw wakeup before your > system gets back running. If someone wants to use such things, he > already can.

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Marius Schwarz
Hi, On 25.11.19 at 22:59, Samuel Sieb wrote: > > Steps 1 - 4 are not benefits, they are workarounds to critical system > utilities required by this change.  I don't understand why this change > is necessary at all.  It only affects local logins and if someone > wants to have an empty password,

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-05 Thread Marius Schwarz
On 05.12.19 at 09:03, Nicolas Mailhot via devel wrote: > Really, we should try to change the default to Azerty or the Russian > layout for a release. That would teach qwerty users what is hostile to > users of other layouts or not. It was in the past, and i.e. a live disk is still defaulting to
