Re: [+gnome] Re: Showing gnome-keyring passwords in Seahorse [was: Proposal for Seahorse inclusion in GNOME 2.18]



On Wed, 2006-09-13 at 20:06 +0200, Chipzz wrote:
> On Wed, 13 Sep 2006, Wouter Bolsterlee wrote:
> 
> > On Tue, Sep 12, 2006 at 02:12:57PM +0200, Chipzz wrote:
> >> Yes, and it is a very stupid idea to use it. Reading those entries, it
> >> would appear you are just being lazy and care little about security.
> >
> > What's wrong/insecure with unlocking your WLAN key on login?
> 
> http://uwstopia.nl/blog/2006/08/password-hell-gdm-ssh-gnome-keyring
> 
> "Make sure you use the same password to unlock your ssh keys as you use
> to login to your machine."
> 
> And:
> 
> http://www.hekanetworks.com/index.php/publisher/articleview/frmArticleID/25/staticId/31/
> 
> "auth optional pam_keyring.so try_first_pass"
> 
> You need to make your keyring passphrase the same as your login password.
> This is exactly what gnome keyring tries to avoid: using the same
> password for everything. Effectively, you're using one password (and
> what's worse: encouraging people that probably don't know any better to
> do the same) for different things that are intended to have different
> passwords/passphrases.
> 
> >> I don't see the point in saving yourself a few keystrokes, especially
> >> since you only have to type your ssh passphrases once (at the beginning
> >> of your session), and your gnome keyring passphrase also only once. I
> >> would advise strongly against using it.
> >
> > So, adding Evolution to the list, your recommendation is that I type 6
> > (bios/boot, gdm login, ssh, gpg, wlan, email) passwords each time I boot my
> > computer (which is several times a day when I'm on the road).
> 
> It's really ironic that you go through all the trouble to set up that
> many different passwords, when every password is the same? How does that
> improve security?
> Ssh passphrases were intended as an extra barrier. And for a good reason
> too. If you do not like that barrier, then why do you use it in the first
> place?
> But what you're arguing sounds a lot like: I don't want any passwords,
> let's do away with them altogether.
> 
> And you do know about suspend, right?
> 
> > Thanks for your helpful advice. I'll make sure I'll type 6 passphrases to
> > get my computer to work. It will greatly improve my computer experience and
> > my feeling of security. Thanks, again.
> >
> >  mvrgr, Wouter
> 
> If you want to shoot yourself in the foot, then by all means do so. But
> please do not encourage other people to do the same.
> 
> kr,
> 
> Chipzz AKA
> Jan Van Buggenhout
> -- 

Some more outside reading for those interested.  Just showed up on the
front page of http://digg.com

http://www.paymentsnews.com/2006/09/volume_of_busin.html

Jon




