Re: [+gnome] Re: Showing gnome-keyring passwords in Seahorse [was: Proposal for Seahorse inclusion in GNOME 2.18]

[Chipzz <chipzz ULYSSIS Org>]

On Wed, 13 Sep 2006, Wouter Bolsterlee wrote:

> På Tue, Sep 12, 2006 at 02:12:57PM +0200, Chipzz skrev:
> > Yes, and it is an very stupid idea to use it. Reading those entries, it
> > would appear you are just being lazy and care little about security.
>
> What's wrong/insecure with unlocking your WLAN key on login?

http://uwstopia.nl/blog/2006/08/password-hell-gdm-ssh-gnome-keyring

"Make sure you use the same password to unlock your ssh keys as you use
to login to your machine."

And:

http://www.hekanetworks.com/index.php/publisher/articleview/frmArticleID/25/staticId/31/

"auth optional pam_keyring.so try_first_pass"

You need to make your keyring passphrase to same as your login password.
This is exactly what gnome keyring tries to avoid: using the same
password for everything. Effectively, you're using one password (and
what's worse: encouraging people that probably don't know any better to
do the same) for different things that are intended to have different
passwords/passphrases.

> > I don't see the point in saving yourself a few keystrokes, especially
> > since you only have to type your ssh passphrases once (at the beginning
> > of your session), and your gnome keyring passphrase also only once. I
> > would advise strongly against using it.
>
> So, adding Evolution to the list, your recommendation is that I type 6
> (bios/boot, gdm login, ssh, gpg, wlan, email) passwords each time I boot my
> computer (which is several times a day when I'm on the road).

It's really ironic that you go through all the trouble to set up that
many different passwords, when every password is the same? How does that
improve security?
Ssh passphrases were intended as an extra barrier. And for a good reason
too. If you do not like that barrier, then why do you use it in the first
place?
But what you're arguing sounds a lot like: I don't want any passwords,
lets do away with them all together.

And you do know about suspend, right?

> Thanks for your helpful advice. I'll make sure I'll type 6 passphrases to
> get my computer to work. It will greatly improve my computer experience and
> my feeling of security. Thanks, again.
>
>  mvrgr, Wouter

If you want to shoot yourself in the foot, then by all means do so. But
please do not encourage other people to do the same.

kr,

Chipzz AKA
Jan Van Buggenhout
--

------------------------------------------------------------------------
                 UNIX isn't dead - It just smells funny
                           Chipzz ULYSSIS Org
------------------------------------------------------------------------
"Baldric, you wouldn't recognize a subtle plan if it painted itself pur-
 ple and danced naked on a harpsicord singing 'subtle plans are here a-
 gain'."