Re: gnome-keyring Idea: service generating passwords based on a key and master password (like PwdHash)



On 2011-12-30 22:59, Michał Górny wrote:
> Hello,
> 
> I've got a little idea which -- if injected into gnome-keyring -- could serve quite a nice purpose to the community. The idea is to provide an interface for applications to request passwords
> in a similar manner as the old PwdHash[1] Firefox extension did.
> 
> As I see it, it could work like that: an application would request (over D-Bus) generating a new hashed password for a particular key (domain). Gnome-keyring would ask the user for his master
> password (or a similar dedicated password) and use that to generate the new password and send it back to the application.
> 
> As with PwdHash, the advantage of such a method is that specific passwords could be re-generated on request rather than being stored in a database -- and thus not relying on the access to the
> particular database.
> 
> The advantage of implementing this in gnome-keyring rather than separately would be that the keyring's master password could be reused (if possible) rather than requiring the user to type (and 
> store) yet another master password.
> 
> Maybe it could be even further integrated with the current password storage so that such a new feature could be used transparently with current Secrets implementation. In other words, user would 
> mark that his/her password for a particular service is to be generated rather than stored, and gkr will ask for the master password and generate it when an application requests the password 
> stored for the service.
> 
> What do you think?
> 
> [1]:https://www.pwdhash.com/

I think that it is of little use launching a unique authentication
scheme on a platform having a very small market-share (Linux Desktop).

GKR would IMO gain tremendously by being reoriented to the market
where Linux is the leader, i.e. servers.  Java supports Windows
CAPI out-of-the-box but not so for Linux since there is no
"Linux CAPI", just a number of competing systems:

http://java.sun.com/developer/technicalArticles/J2SE/security/#1

Although I *love* Open Source, I have a feeling that it takes
a Google to unite it which is kind of sad.

Maybe SKS/KeyGen2 when/if integrated in CPUs (0.1 mm2 silicon
using 20 nm technology) is needed to achieve real unification
including the necessary buy-in from service providers?

Anders
http://webpki.org/papers/keygen2/sks-keygen2-exec-level-presentation.pdf
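
The scheme proposed in the quoted message (a password re-generated from a master password and a per-service key instead of being stored), as an added example that is not part of the original thread and is neither PwdHash's nor gnome-keyring's code. The KDF choice (PBKDF2-HMAC-SHA256), the iteration count, the salt format, the rotation counter and the function names are assumptions made for illustration.

```python
import base64
import hashlib

# Assumed parameters for this sketch; not taken from PwdHash or gnome-keyring.
ITERATIONS = 200_000
LENGTH = 16


def normalize_key(domain: str) -> str:
    """Canonicalise the key so 'Example.COM.' and 'example.com' match."""
    return domain.strip().rstrip(".").lower()


def derive_password(master: str, domain: str, counter: int = 1) -> str:
    """Re-generate the same service password from (master, domain, counter)."""
    key = normalize_key(domain)
    if not master or not key:
        raise ValueError("master password and domain are required")
    # The key and a rotation counter form the salt, so every service gets an
    # unrelated output and one password can be rotated without a new master.
    salt = f"derived-password:v1:{key}:{counter}".encode("utf-8")
    raw = hashlib.pbkdf2_hmac(
        "sha256", master.encode("utf-8"), salt, ITERATIONS, dklen=32
    )
    # URL-safe base64 yields letters, digits, '-' and '_'; keep LENGTH chars.
    return base64.urlsafe_b64encode(raw).decode("ascii")[:LENGTH]


if __name__ == "__main__":
    # Constructed sample inputs.
    for site in ("example.com", "example.org"):
        print(site, derive_password("correct horse battery", site))
```

Because nothing is stored, the master password is the only secret: anyone who obtains one derived password can test master-password guesses offline against it, which is why a deliberately slow KDF is used in this sketch.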

