Re: gnome-keyring Idea: service generating passwords based on a key and master password (like PwdHash)

On 2011-12-30 22:59, Michał Górny wrote:
> Hello,
> I've got a little idea which -- if injected into gnome-keyring -- could serve quite a nice purpose to the community. The idea is to provide an interface for applications to requested passwords
> on a similar manner as old PwdHash[1] Firefox extension did.
> As I see it, it could work like that: an application would request (over D-Bus) generating a new hashed password for a particular key (domain). Gnome-keyring would ask user for his master 
> password (or a similar dedicated password) and use that to generate the new password and send it back to the application.
> As with PwdHash, advantage of such method is that specific passwords could be re-generated on request rather than being stored in a database -- and thus not relying on the access to the 
> particular database.
> The advantage of implementing this in gnome-keyring rather than separately would be that the keyring's master password could be reused (if possible) rather than requiring the user to type (and 
> store) yet another master password.
> Maybe it could be even further integrated with the current password storage so that such a new feature could be used transparently with current Secrets implementation. In other words, user would 
> mark that his/her password for a particular service is to be generated rather than stored, and gkr will ask for the master password and generate it when an application requests the password 
> stored for the service.
> What do you think?
> [1]:

I think that it is of little use launching a unique authentication
scheme on a platform having a very small market-share (Linux Desktop).

GKR would IMO gain tremendously by being reoriented to the market
where Linux is the leader, i.e. servers.  Java supports Windows
CAPI out-of-the-box but not so for Linux since there is no
"Linux CAPI", just a number of competing systems:

Although I *love* Open Source, I have a feeling that it takes
a Google to unite it which is kind of sad.

Maybe SKS/KeyGen2 when/if integrated in CPUs (0.1 mm2 silicon
using 20 nm technology) is needed to achieve real unification
including the necessary buy-in from service providers?


> _______________________________________________ gnome-keyring-list mailing list gnome-keyring-list gnome org

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]