On Thu, 2013-10-10 at 14:05 +0100, fox_aaawkq wrote:
> On Thu, 2013-10-10 at 13:13 +0300, p10 wrote:
> > if you're going to enter your password after 5 seconds anyway, which
> > makes this feature incompatible with "Online accounts".
> 
> My solution is to use two keyrings. I have a passwordless keyring for IM
> and other stuff that is accessed immediately on auto-login.
>       Then I have a protected keyring that stores the passwords for
> Evolution, encrypted folders and other things I want to keep secure.
>       This means I only need to enter the password when I open Evolution or
> something protected, and not immediately every time I turn the machine
> on. Which also means I can give it to a friend and let them browse the
> internet or whatever without worrying about them accessing private data.
> 
> You seem to be under the impression that auto-login should in some way
> be just as secure, without any form of authentication. If you don't need
> to enter a password, then it doesn't matter what technical wizardry you
> use to unlock the keyring, all someone needs to do is turn your computer
> on, and they have full access to your stuff.
>       You must either choose to have your data protected or unprotected.
> Using the two keyring mechanism, like me, you can choose that on a more
> fine-grained level, rather than having to make everything unprotected
> though.

The idea is that nobody has physical access to my machine. It's at
home, it doesn't have some nuclear-rocket-schematics-like information,
and that's why I'm not afraid to leave automatic login on. The problem
is that if someone manages to hack his way into my account/computer (say
there's some SSH/VNC/Bittorrent sync/whatever else vulnerability) I
don't want my passwords in plain text. So here are the use cases:
1. Full security, no decryption keys stored on the computer in any form
- the encrypted stuff cannot be decrypted even if someone takes your
computer physically and examines it.
2. Sanitary root space, not so air-tight user space - assuming the
machine is not going to get physically stolen and the active account is
non-administrative, in theory no bad code is going to have root
clearance. So the keyring in user-space can be encrypted by a key in
root-space, handled by a trusted program on startup.

That's my current "security setup" - a user account that I use for
everything, and 'su' into root with a password I don't keep stored
anywhere, so that even if I happen to execute bad code, or get my
account password otherwise hacked, the attacker is confined to that
user-space.

Now the problem from here on is the following (I thought I had it
figured out but I caught my own bad logic): if a root service unlocks
the key-ring for all the user-space programs - there's no point in
having the system in the first place. So that is a problem that if I'm
not mistaken stands with the current setup too - if you unlock the
keyring every user-space app can access the stored passwords. (?)
Ideally certain apps would get access to certain keys.

Petko

_______________________________________________
desktop-devel-list mailing list
desktop-devel-list@gnome.org
https://mail.gnome.org/mailman/listinfo/desktop-devel-list
