[Bug 1541649] [NEW] Plymouth needs a safe method to unlock the device on boot without a physical keyboard.
Tudor Holton
1541649 at bugs.launchpad.net
Wed Feb 3 23:57:21 UTC 2016
Public bug reported:
My tablet is encrypted, and I'm presented with the plymouth decryption
screen during every boot. However, there is no onscreen keyboard,
causing me to have to dig out a keyboard just to start the machine.
I'd imagine as this goes along we're going to get more and more
keyboardless devices. Windows has already solved this.
I disagree with the comments in bug
https://bugs.launchpad.net/ubuntu/+source/plymouth/+bug/1239004 which is
closely related to this.
The simplest way is to implement an onscreen keyboard. Obviously, it
would have to support everything that could be in a physical keyboard,
tho, or people could lock it with a physical keyboard and then find they
can't unlock it with an onscreen one due to a missing symbol.
Another idea would be not to use a keyboard at all. We could instead use:
(a) a USB key (which has the (dis)advantage of being crackable programmatically)
(b) a sequence of vectors, like phones do (but there's a security risk since on some screens you can see the mark where it's been done repeatedly)
(c) a voice print (fakeable)
(d) a voice password (security risk due to being heard)
(e) a camera image (also fakeable)
(f) randomised visual word ordering with decoys and fail2ban scenarios.
I believe that the safest and most reliable way is simply to use an
onscreen keyboard, however, creating an encryption hook into plymouth
could allow other methods to be used. (f) could also work, tho and may
be considerably easier to implement.
** Affects: plymouth (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to plymouth in Ubuntu.
https://bugs.launchpad.net/bugs/1541649
Title:
Plymouth needs a safe method to unlock the device on boot without a
physical keyboard.
Status in plymouth package in Ubuntu:
New
Bug description:
My tablet is encrypted, and I'm presented with the plymouth decryption
screen during every boot. However, there is no onscreen keyboard,
causing me to have to dig out a keyboard just to start the machine.
I'd imagine as this goes along we're going to get more and more
keyboardless devices. Windows has already solved this.
I disagree with the comments in bug
https://bugs.launchpad.net/ubuntu/+source/plymouth/+bug/1239004 which
is closely related to this.
The simplest way is to implement an onscreen keyboard. Obviously, it
would have to support everything that could be in a physical keyboard,
tho, or people could lock it with a physical keyboard and then find
they can't unlock it with an onscreen one due to a missing symbol.
Another idea would be not to use a keyboard at all. We could instead use:
(a) a USB key (which has the (dis)advantage of being crackable programmatically)
(b) a sequence of vectors, like phones do (but there's a security risk since on some screens you can see the mark where it's been done repeatedly)
(c) a voice print (fakeable)
(d) a voice password (security risk due to being heard)
(e) a camera image (also fakeable)
(f) randomised visual word ordering with decoys and fail2ban scenarios.
I believe that the safest and most reliable way is simply to use an
onscreen keyboard, however, creating an encryption hook into plymouth
could allow other methods to be used. (f) could also work, tho and
may be considerably easier to implement.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/plymouth/+bug/1541649/+subscriptions
More information about the foundations-bugs
mailing list