Re: Is there any way to kill a seahorse?

[Dimitrios Siganos <dimitris siganos org>]

I think you are both arguing just for the sake of arguing. Bruce makes a valid point but just doesn't seem to know how to put it across without offending people. Michael also makes valid points but I think he doesn't quite understand Bruce's argument.

Bruce is right in that, if you are going to store passwords unencrypted, the last thing you want to do, is collect them all in one standard well-known place. However, that is an unfair remark against seahorse because seahorse is clearly not intended to be used in such a way. Clearly, seahorse is meant to be used with a password.

I think the only valid question is: can seahorse be (easily) disabled without destroying the rest of the Gnome experience?

Dimitris

On 11/04/12 22:11, Michael Stephenson wrote:

So suddenly you care about securitry again?
I don't know whether over the course of these exchanges you actually developed an understanding of what seahorse/gnome-keyring does.

But it means when you sign in it carries over the password you typed as an encryption key to decrypt the password you saved, if it differs from your log in password it will prompt you for that password.

The crucial thing here is to make it secure it does not store the decryption key on your system so you cant be compromised without someone knowing your password or a supercomputer.

In your confused head you want rid of this system because it is inconvenient, having to enter a password all the time.

But at the same time you worry about a virus compromising your system and getting your password... You can't have both!

There are two ways to be secure, either you have one password which acts as a key to encrypt and unlock your other passwords, or you log in every time you open your e mail client or log in to a website.

If you have experience from another operating system which you believed offered the fictional security you believe you had before, then you are quite deluded.

Frankly either store all you password in you head and enter them every time, and never click "remember my password" on a website, or use gnome-keyring abd put up with the mild inconvenience. because if you do neither a "rogue virus" can access your passwords, whether the convenient UI of whatever you have used previously tells you so or not.

On 12 April 2012 00:36, Bruce Korb <bkorb gnu org> wrote:

On 04/11/12 13:55, Michael Stephenson wrote:

Seahorse requires your password to decrpyt the stored passwords.
 Without the password decypting the stored passwords is impossible.
However if you have a blank password for gnome keyring the stored
 passwords will not be encrypted. Since you log in with no password
 and don't seem to be concerned about the security of the passwords
 stored in your home folder you might swell open seahorse and
 change the password to a blank one.

One slight drawback:  If, say, some app that I use were to become
a virus vector, where I keep my database of sites and passwords
is pretty much unguessable.  An unencrypted, standardized tool's
database is not so obscure.  So, I don't want seahorse keeping my
passwords, thank you very much.  I'll "vi" my private database.

I now go back to my initial question, how do I get this beast
off of my system forever?

_______________________________________________
seahorse-list mailing list
seahorse-list gnome org
http://mail.gnome.org/mailman/listinfo/seahorse-list