Re: Seahorse and clear text passwords: a proposal for a pragmatic solution

From: Stef Walter <stef-list memberwebs com>
To: Vertigo <duvel123 gmail com>
Cc: seahorse-list gnome org, gnome-keyring-list gnome org
Subject: Re: Seahorse and clear text passwords: a proposal for a pragmatic solution
Date: Fri, 30 Oct 2009 07:55:33 -0600

This is really a gnome-keyring question. Seahorse is no different than
any other application on the Desktop when it comes to accessing
passwords in the keyring.

gnome-keyring-daemon has a very hard time differentiating between
different applications.

FWIW, I'm sure you've already read the security philosophy here:
http://live.gnome.org/GnomeKeyring/SecurityPhilosophy

The first and foremost 'real' thing we can do, to make all these
security dreams a reality, is help Linux get a concept of signed
applications (think iPhone, Mac OS) ... Or some other way to
differentiate between applications, or at least applications running in
different security contexts.

Vertigo wrote:
> I would suggest passwords in seahorse are not
> visible without re authentication of the user, but at the same time I would
> use the password dialogue box to warn the user that despite this
> authentication request, his passwords are NOT secure or encrypted as long as
> he is logged in, and he should lock his screen and/or close the keyring to
> avoid identity theft.

Who does this reauthentication? Should seahorse lock and then try to
unlock the keyring? Or is gnome-keyring supposed to somehow identify
seahorse and treat it differently?

Obviously anything done in seahorse would be of absolutely no
consequence to any other password manager.

Cheers,

Stef

Follow-Ups:
- Re: Seahorse and clear text passwords: a proposal for a pragmatic solution
  - From: Thorsten Sick

References:
- Seahorse and clear text passwords: a proposal for a pragmatic solution
  - From: Vertigo

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]