Re: Seahorse and clear text passwords: a proposal for a pragmatic solution
- From: Stef Walter <stef-list memberwebs com>
- To: Vertigo <duvel123 gmail com>
- Cc: seahorse-list gnome org, gnome-keyring-list gnome org
- Subject: Re: Seahorse and clear text passwords: a proposal for a pragmatic solution
- Date: Fri, 30 Oct 2009 07:55:33 -0600
This is really a gnome-keyring question. Seahorse is no different than
any other application on the Desktop when it comes to accessing
passwords in the keyring.
gnome-keyring-daemon has a very hard time differentiating between
FWIW, I'm sure you've already read the security philosophy here:
The first and foremost 'real' thing we can do, to make all these
security dreams a reality, is help Linux get a concept of signed
applications (think iPhone, Mac OS) ... Or some other way to
differentiate between applications, or at least applications running in
different security contexts.
> I would suggest passwords in seahorse are not
> visible without re-authentication of the user, but at the same time I would
> use the password dialogue box to warn the user that despite this
> authentication request, his passwords are NOT secure or encrypted as long as
> he is logged in, and he should lock his screen and/or close the keyring to
> avoid identity theft.
Who does this reauthentication? Should seahorse lock and then try to
unlock the keyring? Or is gnome-keyring supposed to somehow identify
seahorse and treat it differently?
Obviously anything done in seahorse would be of absolutely no
consequence to any other password manager.