Re: gnome-keyring auto login



Hi, 

On 31 May 2017 12:54:30 CEST, Herr Oswald <herr_oswald gmx de> wrote:
> Hi,
>
> hopefully this is not really old stuff, endlessly discussed and finally
> dismissed...
>
> I'd like to use auto login on my Ubuntu, believing that my house door
> lock is safe enough... (;  But I do not want to have crucial passwords
> unencrypted, so I cannot do it. And when I google "gnome keyring" -
> many people are struggling with that issue.
>
> This made me think whether the encryption of saved passwords
> necessarily has to be linked to a typed-in password. Aren't there other
> solutions?
>
> I'm not a security specialist at all, so this can only be a sketch:
>
> * save the hashed password in a special place in the computer (e.g.
>   USB stick, only mounted once at startup, then unmounted)?
> * get the password from a signed/encrypted hardware dongle (home-made
>   old USB stick)?
> * create a long list of hardware related strings (MAC of the NIC,
>   serial of motherboard or video card, various UUIDs, all the cryptic
>   interrupts dmesg shows at startup etc), ask the user to choose one
>   of them (or choose one randomly) - and implement a mechanism which
>   only accepts 3 passwords at a time and then blocks the system for a
>   few hours or so?
>
> I guess, security specialists can produce better ideas than I can...
>
> To boil down my thought again:
> Is it really true that there are only the alternatives
> * "password encrypted keyring" or
> * "unencrypted keyring" -
> or could there be a smart and pretty safe "in-between" with a password,
> smart and safely stored on the computer?

I protect my keyring using a randomly generated password which I store in an OpenPGP-encrypted file. I have
patched gkr to call gpg to decrypt that file every time the password is necessary. As such, the security matters
are deferred to gpg (where you can play with hw etc).

The patch is really a cheap hack and not suitable for upstreaming. However, if it helps you, I can send it 
later today.

-- 
Best regards,
Michał Górny (by phone)

