[systemd-devel] systemd-crypttab: FIDO2 and passwords

Christian Kastner ckk at debian.org
Mon Mar 8 20:33:30 UTC 2021


On 08.03.21 21:24, Lennart Poettering wrote:
> The way I read the FIDO2 spec the PIN is sent over the USB wire encrypted
> with a shared secret that authenticator and host first securely agreed
> on, so that such man-in-the-middle attacks are not possible. Moreover,
> once the PIN is configured on the device it is never passed at all
> anymore, but just hashes of it when authenticating.
> 
> Hence, to my knowledge there's no reason to second guess that and do
> another level of password checking separately from that.
> 
> It would be easy for us to combine the FIDO2 secret we acquire with a
> user supplied pw that never is seen by the FIDO2 libraries, all before
> passing it to the next layer, but as mentioned I don't think this is
> necessary, the FIDO2 spec is well enough designed to make this
> unnecessary.

That sounds plausible and I no longer have any concerns.

Thanks!
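A worked model of the PIN exchange described in the quoted reply above, added here as an illustration; it is not code from systemd or from this thread. It assumes CTAP2 PIN/UV auth protocol 1 (P-256 ECDH, SHA-256, AES-256-CBC with a zero IV) and runs both the platform and an in-process "authenticator" with constructed PIN values, so that what actually crosses the wire (only the encrypted PIN hash) is visible.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// sharedSecret: SHA-256 of the ECDH x-coordinate (CTAP2 PIN protocol 1).
func sharedSecret(own *ecdh.PrivateKey, peer *ecdh.PublicKey) []byte {
	x, _ := own.ECDH(peer) // both sides use P-256 here, so this cannot fail
	h := sha256.Sum256(x)
	return h[:]
}

// pinHash: the left 16 bytes of SHA-256(PIN), the only PIN-derived value sent.
func pinHash(pin string) []byte {
	h := sha256.Sum256([]byte(pin))
	return h[:16]
}

// cbc: AES-256-CBC with an all-zero IV, as PIN protocol 1 specifies.
func cbc(key, in []byte, encrypt bool) []byte {
	block, _ := aes.NewCipher(key) // key is 32 bytes, cannot fail
	iv, out := make([]byte, aes.BlockSize), make([]byte, len(in))
	if encrypt {
		cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, in)
	}
	return out
}

// Exchange: one getPinToken-style check; storedPin was set on the device, enteredPin is user input.
func Exchange(storedPin, enteredPin string) (bool, error) {
	platform, err := ecdh.P256().GenerateKey(rand.Reader) // platform's ephemeral key
	device, err2 := ecdh.P256().GenerateKey(rand.Reader)  // authenticator's key agreement key
	if err != nil || err2 != nil {
		return false, errors.Join(err, err2)
	}
	// Only pinHashEnc crosses the USB wire; deriving its key needs one of the two ECDH private keys.
	pinHashEnc := cbc(sharedSecret(platform, device.PublicKey()), pinHash(enteredPin), true)
	// Authenticator side: decrypt with its own copy of the key, compare in constant time.
	got := cbc(sharedSecret(device, platform.PublicKey()), pinHashEnc, false)
	return subtle.ConstantTimeCompare(got, pinHash(storedPin)) == 1, nil
}
```

Neither the PIN nor its plain hash appears on the wire after setup, which is the property the quoted reply relies on when arguing against a second, separate password check.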

