So suddenly you care about securitry again?
I don't know whether over the course of these exchanges you
actually developed an understanding of what seahorse/gnome-keyring
does.
But it means when you sign in it carries over the password
you typed as an encryption key to decrypt the password you
saved, if it differs from your log in password it will prompt
you for that password.
The crucial thing here is to make it secure it does not store
the decryption key on your system so you cant
be compromised without someone knowing your password or a
supercomputer.
In your confused head you want rid of this system because it
is inconvenient, having to enter a password all the time.
But at the same time you worry about a virus compromising
your system and getting your password... You can't have both!
There are two ways to be secure, either you have one password
which acts as a key to encrypt and unlock your other passwords,
or you log in every time you open your e mail client or log in
to a website.
If you have experience from another operating system which
you believed offered the fictional security you believe you had
before, then you are quite deluded.
Frankly either store all you password in you head and enter
them every time, and never click "remember my password" on a
website, or use gnome-keyring abd put up with the mild
inconvenience. because if you do neither a "rogue virus" can
access your passwords, whether the convenient UI of whatever you
have used previously tells you so or not.
On 04/11/12 13:55, Michael Stephenson wrote:
Seahorse requires your password to decrpyt the stored
passwords.
Without the password decypting the stored passwords is
impossible.
However if you have a blank password for gnome keyring
the stored
passwords will not be encrypted. Since you log in with
no password
and don't seem to be concerned about the security of
the passwords
stored in your home folder you might swell open
seahorse and
change the password to a blank one.
One slight drawback: If, say, some app that I use were to
become
a virus vector, where I keep my database of sites and
passwords
is pretty much unguessable. An unencrypted, standardized
tool's
database is not so obscure. So, I don't want seahorse
keeping my
passwords, thank you very much. I'll "vi" my private
database.
I now go back to my initial question, how do I get this
beast
off of my system forever?
_______________________________________________
seahorse-list mailing list
seahorse-list gnome org
http://mail.gnome.org/mailman/listinfo/seahorse-list