Re: encryption has nothing to do with password?



On 20.11.2014 22:07, zhangweiwu realss com wrote:
> On Thu, 20 Nov 2014, Stef Walter wrote:
>
>> On 14.11.2014 23:10, Weiwu Zhang wrote:
>>> Yesterday a friend took my old harddisk and mounted /home on his PC,
>>> and configured a new user with the same username with a simple password
>>> "123456", and logged in. He can see all my files (expected) and has
>>> access to my seahorse stored passwords (surprise).
>>
>> That's very strange and unexpected.
>>
>> The only thing I can think of is that you created your login keyring or
>> login account without a password. When you do this, the keyring is not
>> encrypted. You can check this by trying to open up the keyring file in a
>> text editor. If it's not encrypted you should be able to see the
>> contents.
>
> Thanks for the clear info!
>
> I found that in my login.keyring:
> 1) all field names are in clear-text, like date_created, signon_realm,
> username_element.
> 2) all values are binary blobs.
>
> Is this encrypted or not? I do have to type the login password every time
> the computer starts in order to access login.keyring.
>
> I assume it is not encrypted, because the clear-text part reveals the
> number of passwords (in my case 155 passwords). A security professional
> won't reveal even this information in an encrypted dataset.

No. The daemon needs to know how many passwords and their attributes
before unlocking the keyring. That's how it knows which keyring to
unlock on demand.

The only encrypted part of a gnome-keyring is the actual secret (i.e. the
password). In this particular aspect, it is very similar to how private
keys in gpg are encrypted, but their metadata is available for
inspection without decryption.

Cheers,

Stef
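
The check discussed in this thread (open the keyring file and see what is readable) can be scripted. The sketch below is an added example, not part of the original messages and not gnome-keyring's own code. It assumes that binary keyrings start with the magic bytes `GnomeKeyring\n\r\0\n` and that unencrypted keyrings are INI-style text containing a `[keyring]` group; the function names are hypothetical and both sample inputs are constructed, simplified stand-ins rather than real keyring files.

```python
import re

# Assumption: magic bytes that open gnome-keyring's binary keyring format.
BINARY_MAGIC = b"GnomeKeyring\n\r\0\n"
# Runs of identifier-like characters, roughly what a text editor would show.
PRINTABLE_RUN = re.compile(rb"[A-Za-z0-9_.:-]{6,}")

def classify_keyring(data: bytes) -> str:
    """Return 'binary', 'plaintext' or 'unknown' for raw keyring file bytes."""
    if data.startswith(BINARY_MAGIC):
        return "binary"  # secrets encrypted, metadata still readable
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return "unknown"
    # Assumption: a password-less keyring is a key file with a [keyring] group.
    if any(line.strip() == "[keyring]" for line in text.splitlines()):
        return "plaintext"  # secrets are stored unencrypted
    return "unknown"

def visible_metadata(data: bytes) -> list:
    """Strings anyone holding the file can read without the password."""
    body = data[len(BINARY_MAGIC):] if data.startswith(BINARY_MAGIC) else data
    return sorted({m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(body)})

# Constructed sample: magic, padding, two cleartext attribute names,
# each followed by opaque bytes standing in for hashed/encrypted values.
SAMPLE_BINARY = (
    BINARY_MAGIC + b"\x00\x00\x00\x00"
    + b"\x00\x00\x00\x0csignon_realm" + b"\x9c\x01\xf3\x88\xe2\x17\xab\x40"
    + b"\x00\x00\x00\x10username_element" + b"\xd4\x7f\x02\xb9\x8a\x11\xee\x93"
)
# Constructed sample of a keyring created without a password.
SAMPLE_PLAINTEXT = (
    b"[keyring]\ndisplay-name=login\n\n"
    b"[1]\nitem-type=0\nsecret=hunter2-constructed\n"
)

if __name__ == "__main__":
    for name, blob in (("binary", SAMPLE_BINARY), ("plaintext", SAMPLE_PLAINTEXT)):
        print(name, classify_keyring(blob), visible_metadata(blob))
```

For the binary sample only the attribute names surface, which matches the clear-text field names and binary values reported above; for the plaintext sample the secret itself is readable.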

