Re: [+gnome] Re: Showing gnome-keyring passwords in Seahorse [was: Proposal for Seahorse inclusion in GNOME 2.18]
- From: Jon Nettleton <jon nettleton gmail com>
- To: desktop-devel-list gnome org
- Subject: Re: [+gnome] Re: Showing gnome-keyring passwords in Seahorse [was: Proposal for Seahorse inclusion in GNOME 2.18]
- Date: Wed, 13 Sep 2006 19:25:55 -0400
On Wed, 2006-09-13 at 20:06 +0200, Chipzz wrote:
> On Wed, 13 Sep 2006, Wouter Bolsterlee wrote:
>
> > P�ue, Sep 12, 2006 at 02:12:57PM +0200, Chipzz skrev:
> >> Yes, and it is an very stupid idea to use it. Reading those entries, it
> >> would appear you are just being lazy and care little about security.
> >
> > What's wrong/insecure with unlocking your WLAN key on login?
>
> http://uwstopia.nl/blog/2006/08/password-hell-gdm-ssh-gnome-keyring
>
> "Make sure you use the same password to unlock your ssh keys as you use
> to login to your machine."
>
> And:
>
> http://www.hekanetworks.com/index.php/publisher/articleview/frmArticleID/25/staticId/31/
>
> "auth optional pam_keyring.so try_first_pass"
>
> You need to make your keyring passphrase to same as your login password.
> This is exactly what gnome keyring tries to avoid: using the same
> password for everything. Effectively, you're using one password (and
> what's worse: encouraging people that probably don't know any better to
> do the same) for different things that are intended to have different
> passwords/passphrases.
>
> >> I don't see the point in saving yourself a few keystrokes, especially
> >> since you only have to type your ssh passphrases once (at the beginning
> >> of your session), and your gnome keyring passphrase also only once. I
> >> would advise strongly against using it.
> >
> > So, adding Evolution to the list, your recommendation is that I type 6
> > (bios/boot, gdm login, ssh, gpg, wlan, email) passwords each time I boot my
> > computer (which is several times a day when I'm on the road).
>
> It's really ironic that you go through all the trouble to set up that
> many different passwords, when every password is the same? How does that
> improve security?
> Ssh passphrases were intended as an extra barrier. And for a good reason
> too. If you do not like that barrier, then why do you use it in the first
> place?
> But what you're arguing sounds a lot like: I don't want any passwords,
> lets do away with them all together.
>
> And you do know about suspend, right?
>
> > Thanks for your helpful advice. I'll make sure I'll type 6 passphrases to
> > get my computer to work. It will greatly improve my computer experience and
> > my feeling of security. Thanks, again.
> >
> > mvrgr, Wouter
>
> If you want to shoot yourself in the foot, then by all means do so. But
> please do not encourage other people to do the same.
>
> kr,
>
> Chipzz AKA
> Jan Van Buggenhout
> --
Some more outside reading for those interested. Just showed up on the
front page of http://digg.com
http://www.paymentsnews.com/2006/09/volume_of_busin.html
Jon
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]