On Thu, 2013-10-10 at 20:12 +0300, p10 wrote:
The problem is that if someone manages to hack his way into my account/computer (say there's some SSH/VNC/Bittorrent sync/whatever else vulnerability) I don't want my passwords in plain text. if you unlock the keyring every user-space app can access the stored passwords . (?) Ideally certain apps would get access to certain keys .
Right, that is what I was getting at. If the keyring is unlocked, they
are going to have full access to it, regardless of how they get in.
Stef has been talking about storing the keys with each individual
application, which will improve the situation, as apps won't be able to
get other apps passwords.
But, I don't believe root is involved. So, if they are actually logged
into your account, via SSH or something, then I presume they would still
have full access to that information. (Otherwise, how would the user be
able to manage their own keyring?)
Attachment:
signature.asc
Description: This is a digitally signed message part