ecryptfs team mailing list archive

[Bug 255799] Re: add support for fingerprint readers in pam_ecryptfs

I am not personally a fan of fingerprint readers on their own because
often they can be subverted (see Dustin's comment) and because I
generally don't like amputation-ware (I like all my parts where they are
now, thanks). That said, someone else may have a really good reader and
want to use it, and I'd have to agree with Roger that just because I,
Dustin and other security professionals don't find them useful for
passwords, that doesn't mean they shouldn't be supported, if those
interested want to put in the work.

Combining a fingerprint reader with other authentication mechanisms can
make things more secure. E.g., the fingerprint (something that uniquely
identifies you), with a password (something you know) and a smart
card/usbkey (something you have) would offer quite strong protection
(not to mention rather severe usability issues). In this scenario an
attacker needs to obtain three different tokens, which is likely more
difficult than two and certainly more than just one.

** Changed in: ecryptfs-utils (Ubuntu)
       Status: Won't Fix => Confirmed

-- 
add support for fingerprint readers in pam_ecryptfs
https://bugs.launchpad.net/bugs/255799
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in “ecryptfs-utils” source package in Ubuntu: Confirmed

Bug description:
Binary package hint: ecryptfs-utils

User request, it seems a good wishlist item to me...

"It does not seem currently possible to use this solution in combination with a fingerprint reader, since the pam module has to intercept the login password. Is this going to be a possibility in the future?" -- woutersj 


:-Dustin