What is the point of the NM keyring?

Marcelo Magno T. Sales mmtsales at gmail.com
Sun Jul 20 22:00:32 UTC 2008

Em Dom 20 Jul 2008, Timothy Murphy escreveu:
> Marcelo Magno T. Sales wrote:
> >> Some kind soul pointed out that one could get rid
> >> of the demand by NM for a keyring password
> >> by deleting .gnome2/keyrings/default.keyring
> >> and then giving an empty password when requested.
> >>
> >> But that made me wonder what possible point
> >> the keyring password could have?
> >> Is it intended as some kind of security device?
> >> As far as I can see, you have to be logged in to run NM,
> >> and if you are logged in you can delete this file.
> >>
> >> I might say the same about the KDE wallet system.
> >> How does this make one's part of the system more secure,
> >> since it is open to you to change the wallet password,
> >> or even to make it empty?
> >
> > Don't know about gnome keyring, but in KWallet you can change a
> > wallet's password only if you know the previous one. If you delete
> > the default wallet you can choose whatever password you like when
> > it's recreated, of course. But if you do delete one of the wallets,
> > then you loose all passwords stored in it, so I would say they are
> > indeed protected. There's no way of recovering the passwords stored
> > in a wallet without knowing the wallet's password.
> > I believe gnome keyring behaves the same way.
> ...
> > The purpose of wallets and keyrings is to make your life easier by
> > having to remember just one password, the one that opens your
> > wallet. All the others can be securely stored in the wallet.
> > However, if you loose the wallet's password, then you loose all
> > passwords stored in it.
> Thanks, I guess that makes quite a lot of sense.
> Actually, I use the same password for everything,
> as my great fear is I will forget some password and never be able
> to use kmail or whatever again.
> So the KDE wallet system is not really much use for me.

This is a possible solution, but not a very good one, if you take 
security in consideration. Specially if you use the same password for 
the important things (say, your bank account) and for the things that do 
not demand a high level of security (say, your bugzilla account, or 
mailing list password).
If one password is compromised, all of your secrets are in the open. 
Considering the multitude of sites and services we use that require 
passwords, if only one of them don't take good care of your password, 
you have a big problem.
It's better to use distinct passwords for most important things.
Also, there are services/applications that require you change your 
password every now and then. In this case, it's hard to keep all of your 
passwords synchronized when one of them have to be changed.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20080720/38541857/attachment-0001.htm>

More information about the fedora-list mailing list