Re: [+gnome] Re: Showing gnome-keyring passwords in Seahorse [was: Proposal for Seahorse inclusion in GNOME 2.18]
- From: Jon Nettleton <jon nettleton gmail com>
- To: desktop-devel-list gnome org
- Subject: Re: [+gnome] Re: Showing gnome-keyring passwords in Seahorse [was: Proposal for Seahorse inclusion in GNOME 2.18]
- Date: Wed, 13 Sep 2006 19:25:55 -0400
On Wed, 2006-09-13 at 20:06 +0200, Chipzz wrote:
> On Wed, 13 Sep 2006, Wouter Bolsterlee wrote:
> > P�ue, Sep 12, 2006 at 02:12:57PM +0200, Chipzz skrev:
> >> Yes, and it is an very stupid idea to use it. Reading those entries, it
> >> would appear you are just being lazy and care little about security.
> > What's wrong/insecure with unlocking your WLAN key on login?
> "Make sure you use the same password to unlock your ssh keys as you use
> to login to your machine."
> "auth optional pam_keyring.so try_first_pass"
> You need to make your keyring passphrase to same as your login password.
> This is exactly what gnome keyring tries to avoid: using the same
> password for everything. Effectively, you're using one password (and
> what's worse: encouraging people that probably don't know any better to
> do the same) for different things that are intended to have different
> >> I don't see the point in saving yourself a few keystrokes, especially
> >> since you only have to type your ssh passphrases once (at the beginning
> >> of your session), and your gnome keyring passphrase also only once. I
> >> would advise strongly against using it.
> > So, adding Evolution to the list, your recommendation is that I type 6
> > (bios/boot, gdm login, ssh, gpg, wlan, email) passwords each time I boot my
> > computer (which is several times a day when I'm on the road).
> It's really ironic that you go through all the trouble to set up that
> many different passwords, when every password is the same? How does that
> improve security?
> Ssh passphrases were intended as an extra barrier. And for a good reason
> too. If you do not like that barrier, then why do you use it in the first
> But what you're arguing sounds a lot like: I don't want any passwords,
> lets do away with them all together.
> And you do know about suspend, right?
> > Thanks for your helpful advice. I'll make sure I'll type 6 passphrases to
> > get my computer to work. It will greatly improve my computer experience and
> > my feeling of security. Thanks, again.
> > mvrgr, Wouter
> If you want to shoot yourself in the foot, then by all means do so. But
> please do not encourage other people to do the same.
> Chipzz AKA
> Jan Van Buggenhout
Some more outside reading for those interested. Just showed up on the
front page of http://digg.com
] [Thread Prev