Re: gnome-keyring Idea: service generating passwords based on a key and master password (like PwdHash)



On Sat, 31 Dec 2011 17:35:07 +0100, Anders Rundgren wrote:
>On 2011-12-30 22:59, Michał Górny wrote:
>> Hello,
>> 
>> I've got a little idea which -- if injected into gnome-keyring -- could serve quite a nice purpose to the community. The idea is to provide an interface for applications to request passwords
>> in a similar manner as the old PwdHash[1] Firefox extension did.
>> 
>> As I see it, it could work like that: an application would request (over D-Bus) generating a new hashed password for a particular key (domain). Gnome-keyring would ask the user for his master
>> password (or a similar dedicated password) and use that to generate the new password and send it back to the application.
>> 
>> As with PwdHash, the advantage of such a method is that specific passwords could be re-generated on request rather than being stored in a database -- and thus not relying on the access to the
>> particular database.
[...]
>I think that it is of little use launching a unique authentication
>scheme on a platform having a very small market-share (Linux Desktop).
[...]
I am replying to this since I just joined the list in order to post similar
thoughts. My idea was slightly less ambitious: GKR could have a
function for generating secure passwords based on a secure master
and a password-specific string (e.g. for my e-mail account I could use
the master SecureMaster%!1 and the string e-mail, for a work VPN I
could use SecureMaster%!1 and the string VPN... this is not meant
as a lesson in choosing secure master passwords!)  When an application
wanted to store a password in GKR, the user could tell it not to actually
store it, but to remember that it uses a generated password (no need
to adapt the application for this), and GKR could store the text string
and a hash of the master. This way the user could enter their master
password just once per session without having to store it on disk,
encrypted or not.  Thanks to the hash, different masters could be used
for different categories of passwords.  The downside is that an
additional manipulation is required when setting the password (first
generate it, then set it in the application, then tell GKR that we are
using the generated one).  The upside is that the user is less likely to
lose their passwords if something goes wrong, and of course that
nothing highly secret need be stored on disk.

Please tell me if those ramblings were comprehensible, and (even
less likely!) of interest to anyone.

Regards,

Michael
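The scheme sketched above (keyring stores only the label and a hash of the master; the per-label password is regenerated on demand), as an added illustration that is not code from gnome-keyring or from either poster. The record layout, the PBKDF2 choice and the round count are assumptions; the master and labels are the ones used in the mail.

```python
import base64
import hashlib
import hmac
import os

# Assumed parameters: a deliberately slow KDF so that a stolen verifier
# does not give cheap offline guessing of the master.
KDF_ROUNDS = 100_000


def make_record(master: str, label: str) -> dict:
    """What the keyring would store instead of the password: the label and a
    salted, slow hash of the master. The master itself never touches disk."""
    salt = os.urandom(16)
    verifier = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, KDF_ROUNDS)
    return {"label": label, "salt": salt, "verifier": verifier}


def master_matches(record: dict, master: str) -> bool:
    """Check an entered master against the stored verifier (constant-time compare),
    which is how different masters can be tied to different categories."""
    candidate = hashlib.pbkdf2_hmac("sha256", master.encode(), record["salt"], KDF_ROUNDS)
    return hmac.compare_digest(candidate, record["verifier"])


def derive_password(master: str, label: str, length: int = 16) -> str:
    """Deterministic per-label password. The label is the KDF salt, so the same
    master yields unrelated passwords for 'e-mail' and 'VPN'."""
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), label.encode(), KDF_ROUNDS, dklen=32)
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")[:length]


def regenerate(record: dict, master: str) -> str:
    """What the keyring would hand back to the application on request."""
    if not master_matches(record, master):
        raise ValueError("master password does not match this record's category")
    return derive_password(master, record["label"])


if __name__ == "__main__":
    rec = make_record("SecureMaster%!1", "e-mail")   # constructed sample input
    print(regenerate(rec, "SecureMaster%!1"))
```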