Re: GNOME keyring unlocking

On Thu, 2013-10-10 at 14:05 +0100, fox_aaawkq wrote:
On Thu, 2013-10-10 at 13:13 +0300, p10 wrote:
if you're going to enter your password after 5 seconds anyway, which
makes this feature incompatible with "Online accounts" .

My solution is to use two keyrings. I have a passwordless keyring for IM
and other stuff that is accessed immediately on auto-login.
      Then I have a protected keyring that stores the passwords for
Evolution, encrypted folders and other things I want to keep secure.
      This means I only need to enter the password when I open Evolution or
something protected, and not immediately everytime I turn the machine
on. Which also means I can give it to a friend and let them browse the
internet or whatever without worrying about them accessing private data.

You seem to be under the impression that auto-login should in some way
be just as secure, without any form of authentication. If you don't need
to enter a password, then it doesn't matter what technical wizardry you
use to unlock the keyring, all someone needs to do is turn your computer
on, and they have full access to your stuff.
      You must either choose to have your data protected or unprotected.
Using the two keyring mechanism, like me, you can choose that on a more
fine-grained level, rather than having to make everything unprotected

The idea is that nobody has physical access to my machine . It's at
home , it doesn't have some nuclear-rocket-schematics-like information ,
and that's why I'm not afraid to leave automatic login on . The problem
is that if someone manages to hack his way into my account/computer (say
there's some SSH/VNC/Bittorrent sync/whatever else vulnerability) I
don't want my passwords in plain text. So here's the use cases : 
1.Full security , no decryption keys stored on the computer in any form
- the encrypted stuff cannot be decrypted even if someone takes your
computer physically and examines it.
2.Sanitary root space , not so air-tight user space - assuming the
machine is not going to get physically stolen the active account is
non-administrative in theory no bad code is going to have root
clearance . So the keyring in user-space can be encrypted by a key in
root-space , handled by a trusted program on startup.

That's my current "security setup" - a user account that I use for
everything , and 'su' into root with a password I don't keep stored
anywhere , so that even if I happen to execute bad code , or get my
account password otherwise hacked the attacker is confined to that

Now the problem from here on is the following (I thought I had it
figured out but I caught my own bad logic) : if a root service unlocks
the key-ring for all the user-space programs - there's no point in
having the system in the first place . So that is a problem that if I'm
not mistaken stands with the current setup too - if you unlock the
keyring every user-space app can access the stored passwords . (?) 
 Ideally certain apps would get access to certain keys .


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]