Re: [+gnome] Re: Showing gnome-keyring passwords in Seahorse [was: Proposal for Seahorse inclusion in GNOME 2.18]

[Jon Nettleton <jon nettleton gmail com>]

On Wed, 2006-09-13 at 20:06 +0200, Chipzz wrote:
> On Wed, 13 Sep 2006, Wouter Bolsterlee wrote:
> 
> > P�ue, Sep 12, 2006 at 02:12:57PM +0200, Chipzz skrev:
> >> Yes, and it is an very stupid idea to use it. Reading those entries, it
> >> would appear you are just being lazy and care little about security.
> >
> > What's wrong/insecure with unlocking your WLAN key on login?
> 
> http://uwstopia.nl/blog/2006/08/password-hell-gdm-ssh-gnome-keyring
> 
> "Make sure you use the same password to unlock your ssh keys as you use
> to login to your machine."
> 
> And:
> 
> http://www.hekanetworks.com/index.php/publisher/articleview/frmArticleID/25/staticId/31/
> 
> "auth optional pam_keyring.so try_first_pass"
> 
> You need to make your keyring passphrase to same as your login password.
> This is exactly what gnome keyring tries to avoid: using the same
> password for everything. Effectively, you're using one password (and
> what's worse: encouraging people that probably don't know any better to
> do the same) for different things that are intended to have different
> passwords/passphrases.
> 
> >> I don't see the point in saving yourself a few keystrokes, especially
> >> since you only have to type your ssh passphrases once (at the beginning
> >> of your session), and your gnome keyring passphrase also only once. I
> >> would advise strongly against using it.
> >
> > So, adding Evolution to the list, your recommendation is that I type 6
> > (bios/boot, gdm login, ssh, gpg, wlan, email) passwords each time I boot my
> > computer (which is several times a day when I'm on the road).
> 
> It's really ironic that you go through all the trouble to set up that
> many different passwords, when every password is the same? How does that
> improve security?
> Ssh passphrases were intended as an extra barrier. And for a good reason
> too. If you do not like that barrier, then why do you use it in the first
> place?
> But what you're arguing sounds a lot like: I don't want any passwords,
> lets do away with them all together.

What this person is arguing is they don't want to have 8 passwords, and
have to type them in every session when they have already typed in the
password that authenticates them to the machine.  Obviously if they
logged into the machine without providing an authentication token then
they there is no way to unlock the passwords for these other services.

Actually the way you define it then we should just ditch gnome-keyring
all together.  It is a system designed to store secrets so you only have
to authenticate once to unlock all your other disparate passwords.  That
would lead to having to type in passwords constantly to access network
shares and ftp servers and websites...a few keystrokes?

Every system has it's own method of authentication because they are
meant to be a stand alone service.  What people are trying to solve now
is the best way to link these systems together without losing the
security we pride ourselves on.  There are different levels of security
that need to be looked at.  For the uber paranoid like you, then have a
different password for every service and feel safe and secure when you
go to bed at night that if someone compromises one of your passwords
that they only have access to that one service.  Other people need one
password that secures everything because if they have 5 passwords they
need to write them down on stickies on their monitors to remember them,
which is hardly secure.

Having the same password on different services are still viable security
efforts.  Say your suspended laptop gets stolen, and you don't have it
lock the screen on wakeup.  Anything you had unlocked is still unlocked
for the taking.  Or say it is locked on suspend you are still relying on
a single password to protect everything that you have already logged
into at that point.  If they break that they have access to everything
in your gnome-keyring and any machine you ssh to with keys setup.  The
person that has their turned off machine stolen has that same security
measure.  If their login password is cracked then they are hosed...more
likely the hacker would just get a root shell from single user mode or
such and then change the login password.  Well now the gnome-keyrings
and ssh private key are still safe because they don't know the password
for them.  Yes more advanced hacking methods can win out, but isn't that
always the case.

At some point security and usability have to meet, or else nobody will
want to use what you are securing.  Our job is to find this magical
place and build gnome around it.

Jon

> 
> And you do know about suspend, right?
> 
> > Thanks for your helpful advice. I'll make sure I'll type 6 passphrases to
> > get my computer to work. It will greatly improve my computer experience and
> > my feeling of security. Thanks, again.
> >
> >  mvrgr, Wouter
> 
> If you want to shoot yourself in the foot, then by all means do so. But
> please do not encourage other people to do the same.
> 
> kr,
> 
> Chipzz AKA
> Jan Van Buggenhout
> -- 
> 
> ------------------------------------------------------------------------
>                   UNIX isn't dead - It just smells funny
>                             Chipzz ULYSSIS Org
> ------------------------------------------------------------------------
> "Baldric, you wouldn't recognize a subtle plan if it painted itself pur-
>   ple and danced naked on a harpsicord singing 'subtle plans are here a-
>   gain'."
> _______________________________________________ desktop-devel-list mailing list desktop-devel-list gnome org http://mail.gnome.org/mailman/listinfo/desktop-devel-list