Re: gnome-keyring Seahorse and clear text passwords: a proposal for a pragmatic solution



2009/10/30 Vertigo <duvel123 gmail com>

The security philosophy is right. If something/someone gets control of
the user's account the battle is lost.

I don't think it has to be so "binary". There are many ways to lose a war.

<snip>
 
Seahorse as it is now is an open invitation to snatch someone's passwords when he is not looking at his screen for a minute. Password protecting seahorse (and possibly other apps; as I mentioned earlier, I'm not exactly a specialist when it comes to gnome or security) will not secure one's passwords fundamentally, we know that, but it will deter I bet 99% of potential identity thieves. If you add a dialogue that informs the user of the actual lack of security when leaving his account unlocked, I do not see any downsides, assuming what is being proposed here is technically feasible and not too hard to implement.

Can I add that I don't think the solution needs to be "lock seahorse and require a password to use it".  I just think that when Seahorse is accessed, passwords are by default not shown in clear text.  Since this is possibly not fully useful, a button to "Reveal passwords" would then prompt via gksudo/policykit/whatever.

That would allow new SSH keys, syncs and so on to take place without the need for a password, but would also deter the casual malicious user from viewing all stored passwords in the few clicks it currently requires.

This isn't about deterring a determined hacker, it's about deterring opportunism.

