Re: gnome-keyring GNOME keyring without Gtk+



On 03/25/2013 10:58 AM, Stef Walter wrote:
I previously went to great lengths to keep passwords out of pageable
memory. But as you can see that did complicate things. I've been pushed
to compromise a bit on this these days, and consider alternatives
because:

 * Kernel DBus will do zero-copy, and not be trivially snoopable.

A p2p D-Bus connection uses a simple socket between the two peers, and
since we don't need more than two parties involved, this is something
that could work already now.

[...]
However, we should still give thought as to whether we can make this
guarantee using an architecture:

 * When the user is not using the computer (locked/sleeping/off) the
   keyring password should not be sitting on the same disk as the
   encrypted keyring.

Not that all implementations can make that guarantee, but in my opinion
it's worth making sure it's possible.

Nitpicking on the words, I'd rephrase the requirement as: the user
should be given a way to remove/disable the device holding the master
password.
If the master password is provided by a pluggable USB device but the
user forgets to unplug it when leaving, there's not much that the
implementation could do. :-)

[...]
Not at the moment; however I don't think it would be a very complicated
wrapping even if done manually (the only bit which worries me is that
the register method takes a GDBusConnection, and AFAIK there is no way
to create a GDBusConnection object out of an existing libdbus
DBusConnection, which we could get from QtDBus).

I see what you mean.

But since it's just the prompter process, it's not the end of the world
if it connects to the bus twice.

Indeed.

[...]
Sure. I think I can make it. I have a test day for my certificate
integration work [0] [1] on that day [2], but I can probably step away
from that for a short time.

Too many hints ;-)
I'm not directly involved with this, but I'm pretty sure it'll get there
eventually. :-)

Do I need to register somehow?
https://plus.google.com/109966160795843627457

Not anymore. :-) The blog post explained how to get a slot, but I
already did that for you, so it's already been taken care of.

Ciao,
  Alberto

-- 
http://blog.mardy.it <- geek in un lingua international!

