low-hanging fruit
Colin Walters
walters at redhat.com
Mon Aug 20 18:28:20 UTC 2007
On 8/20/07, David Zeuthen <davidz at redhat.com> wrote:
>
>
> - It's a fair goal to ensure that users don't have to enter any
> passwords and I think gnome-keyring and other password stores (like
> the one in Firefox) helps with that. Especially if it's automatically
> unlocked when you log in.
For sure I agree the API-to-store-stuff aspect of the keyring is good,
because in theory it lets you share stuff between applications. In practice
that seems to have mostly failed. Pidgin and Firefox do their own thing,
and almost everything I see that actually uses gnome-keyring uses the
GENERIC_SECRET instead of NETWORK_PASSWORD so you can't easily reuse logins
between apps...at least not without getting stormed by "Allow or Deny?".
It's also pretty damn convenient that I don't have to type in these
> passwords all the time. Plus I can rest assured that if my laptop
> is stolen, some of my passwords are encrypted (ask blizzard about
> getting his laptop stolen).
See below...
FWIW, I consider it a bug that the password store in e.g. Firefox
> isn't locked the same way we lock gnome-keyring; I know the option
> in Firefox is there but we just uncheck it by default so you get
> plaintext passwords.
Well they're not directly plaintext on disk (I actually looked at this as
part of killing-login-dialogs thing); but yeah the key used to decrypt them
is right there so it ends up being more a CVS-style rot13 obfuscation (which
is a good idea).
(Of course another solution to the "unlock keyring" problem is just
> to use encrypted home directories)
Right; this is the real solution to the stolen-laptop problem and I'm all
for it!
- It's just a bug [1] that an unprivileged process like your keylogger
> can grab key presses while the gnome keyring password dialog is
> focused. With things like XACE, we can prevent that and only allow
> privileged applications like e.g. a screen reader / on screen
> keyboard to do this.
>
> Of course you can now turn this into a discussion about trusted path.
Right =) The guiding principle here being: If someone has physical access
to your computer and hostile intent, you've already lost.
Not that it's impossible to defend against but...it gets increasingly
baroque and the important thing to secure is the web browser.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-desktop-list/attachments/20070820/beac7df1/attachment.htm>
More information about the Fedora-desktop-list
mailing list