Re: encryption has nothing to do with password?
- From: zhangweiwu realss com
- To: Stef Walter <stefw gnome org>
- Cc: seahorse-list gnome org
- Subject: Re: encryption has nothing to do with password?
- Date: Fri, 21 Nov 2014 07:07:03 +1000 (AEST)
On Thu, 20 Nov 2014, Stef Walter wrote:
On 14.11.2014 23:10, Weiwu Zhang wrote:
Yesterday a friend took my old harddisk and mounted /home on his PC,
and configured a new user with same username with a simple password
"123456", and login. He can see all my files (expected) and have
access to my seahorse stored passwords (surprise).
That's very strange and unexpected.
The only thing I can think of is that you created your login keyring or
login account without a password. When you do this, the keyring is not
encrypted. You can check this by trying to open up the keyring file in a
text editor. If it's not encrypted you should be able to see the contents.
Thanks for the clear info!
I found that in my login.keyring:
1) all field names are in clear-text, like date_created, signon_realm,
username_element.
2) all values are binary blobs.
Is this encrypted or not? I do have to type login password everytime
computer starts in order to access login.keyring.
I assume it is not encrypted, because the clear-text part reveals the number
of passwords (in my case 155 passwords). A security professional won't
reveal even this information in an encrypted dataset.
For the purpose of comparision, I created a new keyring using a new
password, and in it I stored a customized password entry. Then I check the
keyring file resulted, it has no clear text except the name of the Keyring
and the file's magic - that is, field names are not clearly visible. So it
infers that my login keyring (with field name in clear text) are not really
encrypted. Next task is how to encrypte it. 155 passwords are too much for
keyboard reëntry.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
