Re: encryption has nothing to do with password?



Hello Weiwu,

On Fri, Nov 14, 2014, at 04:10 PM, Weiwu Zhang wrote:
For years I thought login keyring is encrypted with login password.

Yesterday a friend took my old harddisk and mounted /home on his PC,
and configured a new user with same username with a simple password
"123456", and login. He can see all my files (expected) and have
access to my seahorse stored passwords (surprise).

It's a bit surprise to me. It means one can access my password
database without knowing my password. I often backup my gnome-keyring
without further enrypting it and I back up to the Internet. I may have
leaked many passwords already.

Yes, this is a legitimate concern.


Now how to create a keyring that is related to my passwords? And
better still, to apply this to the login keyring so I don't have to
move all passwords to the new password-protected keyring?


There is information about how to create new keyrings (as well as how to
lock them) included in the Passwords and Keys (aka Seahorse) help. 
These topics are included as part of the Passwords and Keys application,
but you can also see them here:

* Create a new keyring: 
https://help.gnome.org/users/seahorse/stable/keyring-create.html.en
* Lock your keyring with a password:
https://help.gnome.org/users/seahorse/stable/keyring-lock.html.en

I would recommend fully encrypting your hard disk (or at least your home
directory / partition), and also encrypting any keys that you want to
back up.  I'm not on my Linux PC, so can't provide the exact
instructions on encrypting your keyring info. It sounds like you're
reasonably savvy, though, and should be able to figure this out.

I hope this helps,

Jim


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]