gnome keyring always needs to be unlocked
dmc.fedora at filteredperception.org
Fri Oct 19 00:01:25 UTC 2007
Robert Relyea wrote:
> Douglas McClendon wrote:
>> Jeff Spaleta wrote:
>>> On 10/18/07, Kevin Kofler <kevin.kofler at chello.at> wrote:
>>>> Encrypted home directories are a solution for a computer which can
>>>> be stolen.
>>>> If you're worried about your central server getting stolen, you have
>>>> security problems than keyring security. ;-) Permissions should be
>>>> enough to
>>>> secure a computer if physical security is present.
>>> Are suggestion that linux laptop users are somehow immune to falling
>>> prey to problem which require troubleshooting application
>>> configurations stored in a user's home directory?
>> It's an interesting question as to what 'doesn't matter'. I.e. mail
>> server passwords and other data and configuration stored in
>> ~/.thunderbird. Or everything stored in ~/.firefox. Those seem to me
>> to be things I'd like encrypted by default as a laptop user, in
>> addition to what you described as some special xdg style directory.
> Your general data is stored in ~/.thunderbird and ~/.firefox, but your
> passwords are already stored encrypted in those directories (or should
> be if you have "use master password to encrypt" set in your
> privacy/password settings).
Those are true things, but don't really have anything to do with point I
was making. I'm a fan of a few good layers of security for a typical
laptop/desktop scenario. A nice firewall with everything closed to the
outside world, except that which is exlicitly allowed. A nice
encryption of the entire home directory, and screensaver locking. Then,
once I'm inside those layers, I prefer to not use things like master
passwords in thunderbird and firefox. If you can convince me that using
master passwords, in combination with some alternate overall scheme
provides a better balance of security and convenience... let the debate
begin. But be warned, I place a pretty high relative value on convenience.
More information about the fedora-devel-list