popy2k14
commented
3 weeks ago That's really a security concern! Is there a solution, so we can force the need of an additional key? (Like on windows hello?)
Open t3dium opened 2 months ago
popy2k14
commented
3 weeks ago That's really a security concern! Is there a solution, so we can force the need of an additional key? (Like on windows hello?)
boltgolt
commented
3 weeks ago Take a look at rubberstamps in v3, they add an optional step after authentication like nodding for auth and shaking for deny
popy2k14
commented
3 weeks ago @boltgolt that would be an good way, but better would be just an simple dialog which you have to confirm, when you want to confirm the authentification. Like in windows the UAC dialog. IDK if this can be done in an pam so module.
With this workaround: https://github.com/boltgolt/howdy/issues/945#issuecomment-2455510445 you have to press "enter" (with an empty PW) to start howdy face recognition. But as stated in the comment, you can simple trick this and escalate with an "echo".
Any idea's ow to make howdy usage/integration safer but keep "convenience"?
PS.: i know that face authentification is per se "unsecure", but without confirming "authentification" it's MUCH more unsecure, taht it could be.
Under "a note on security" you say:
I think the issue that's currently mentioned isn't particularly significant as it would require the laptop to be stolen in a running state. Which wouldn't be an issue if the laptop were powered off and encrypted with LUKS, as you still need the LUKS password. If it weren't encrypted to begin with, then the device was already insecure if stolen.
However I think there's a far more significant risk that comes with using howdy - the fact that it removes any need for manual authentication, as you aren't manually typing a password, it automatically authenticates you. The danger with this is that any app can just elevate to root and compromise your system to a much greater extent with the only requirement being that you have to be sitting in front of your computer. This makes malware or RCE vulnerabilities much more dangerous than they would've otherwise been.
I think to address this problem, howdy should require the user to manually enter a keybinding before it proceeds with authentication. The setting which configures this keybind would also ideally be stored in an area which programs cannot read without root privileges.
At the moment, using howdy is as just as insecure as not having a password configured, no? At least in the attack scenario described and not in the event that someone steals your running laptop.