Re: gnome-keyring Idea: service generating passwords based on a key and master password (like PwdHash)
- From: Anders Rundgren <anders rundgren telia com>
- To: Michał Górny <mgorny gentoo org>
- Cc: gnome-keyring-list gnome org
- Subject: Re: gnome-keyring Idea: service generating passwords based on a key and master password (like PwdHash)
- Date: Sat, 31 Dec 2011 17:35:07 +0100
On 2011-12-30 22:59, Michał Górny wrote:
> I've got a little idea which -- if injected into gnome-keyring -- could serve quite a nice purpose to the community. The idea is to provide an interface for applications to requested passwords
> on a similar manner as old PwdHash Firefox extension did.
> As I see it, it could work like that: an application would request (over D-Bus) generating a new hashed password for a particular key (domain). Gnome-keyring would ask user for his master
> password (or a similar dedicated password) and use that to generate the new password and send it back to the application.
> As with PwdHash, advantage of such method is that specific passwords could be re-generated on request rather than being stored in a database -- and thus not relying on the access to the
> particular database.
> The advantage of implementing this in gnome-keyring rather than separately would be that the keyring's master password could be reused (if possible) rather than requiring the user to type (and
> store) yet another master password.
> Maybe it could be even further integrated with the current password storage so that such a new feature could be used transparently with current Secrets implementation. In other words, user would
> mark that his/her password for a particular service is to be generated rather than stored, and gkr will ask for the master password and generate it when an application requests the password
> stored for the service.
> What do you think?
I think that it is of little use launching a unique authentication
scheme on a platform having a very small market-share (Linux Desktop).
GKR would IMO gain tremendously by being reoriented to the market
where Linux is the leader, i.e. servers. Java supports Windows
CAPI out-of-the-box but not so for Linux since there is no
"Linux CAPI", just a number of competing systems:
Although I *love* Open Source, I have a feeling that it takes
a Google to unite it which is kind of sad.
Maybe SKS/KeyGen2 when/if integrated in CPUs (0.1 mm2 silicon
using 20 nm technology) is needed to achieve real unification
including the necessary buy-in from service providers?
> _______________________________________________ gnome-keyring-list mailing list gnome-keyring-list gnome org http://mail.gnome.org/mailman/listinfo/gnome-keyring-list
][Date Next] [Thread Prev