Re: gnome-keyring Seahorse and clear text passwords: a proposal for a pragmatic solution



This is really a gnome-keyring question. Seahorse is no different than
any other application on the Desktop when it comes to accessing
passwords in the keyring.

gnome-keyring-daemon has a very hard time differentiating between
different applications.

FWIW, I'm sure you've already read the security philosophy here:
http://live.gnome.org/GnomeKeyring/SecurityPhilosophy

The first and foremost 'real' thing we can do, to make all these
security dreams a reality, is help Linux get a concept of signed
applications (think iPhone, Mac OS) ... Or some other way to
differentiate between applications, or at least applications running in
different security contexts.

Vertigo wrote:
> I would suggest passwords in seahorse are not
> visible without re authentication of the user, but at the same time I would
> use the password dialogue box to warn the user that despite this
> authentication request, his passwords are NOT secure or encrypted as long as
> he is logged in, and he should lock his screen and/or close the keyring to
> avoid identity theft.

Who does this reauthentication? Should seahorse lock and then try to
unlock the keyring? Or is gnome-keyring supposed to somehow identify
seahorse and treat it differently?

Obviously anything done in seahorse would be of absolutely no
consequence to any other password manager.

Cheers,

Stef


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]