On 8/20/07, <b class="gmail_sendername">David Zeuthen</b> &lt;<a href="mailto:davidz@redhat.com">davidz@redhat.com</a>&gt; wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br> - It&#39;s a fair goal to ensure that users don&#39;t have to enter any<br>&nbsp;&nbsp; passwords and I think gnome-keyring and other password stores (like<br>&nbsp;&nbsp; the one in Firefox) helps with that. Especially if it&#39;s automatically
<br>&nbsp;&nbsp; unlocked when you log in.</blockquote><div><br>For sure I agree the API-to-store-stuff aspect of the keyring is good, because in theory it lets you share stuff between applications.&nbsp; In practice that seems to have mostly failed.&nbsp; Pidgin and Firefox do their own thing, and almost everything I see that actually uses gnome-keyring uses the GENERIC_SECRET instead of NETWORK_PASSWORD so you can&#39;t easily reuse logins between apps...at least not without getting stormed by &quot;Allow or Deny?&quot;.
<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">&nbsp;&nbsp; It&#39;s also pretty damn convenient that I don&#39;t have to type in these
<br>&nbsp;&nbsp; passwords all the time. Plus I can rest assured that if my laptop<br>&nbsp;&nbsp; is stolen, some of my passwords are encrypted (ask blizzard about<br>&nbsp;&nbsp; getting his laptop stolen).</blockquote><div><br>See below...<br></div>
<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">&nbsp;&nbsp; FWIW, I consider it a bug that the password store in e.g. Firefox<br>&nbsp;&nbsp; isn&#39;t locked the same way we lock gnome-keyring; I know the option
<br>&nbsp;&nbsp; in Firefox is there but we just uncheck it by default so you get<br>&nbsp;&nbsp; plaintext passwords.</blockquote><div><br>Well they&#39;re not directly plaintext on disk (I actually looked at this as part of killing-login-dialogs thing); but yeah the key used to decrypt them is right there so it ends up being more a CVS-style rot13 obfuscation (which is a good idea).
<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">&nbsp;&nbsp; (Of course another solution to the &quot;unlock keyring&quot; problem is just
<br>&nbsp;&nbsp;&nbsp;&nbsp;to use encrypted home directories)</blockquote><div><br>Right; this is the real solution to the stolen-laptop problem and I&#39;m all for it!<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
 - It&#39;s just a bug [1] that an unprivileged process like your keylogger<br>&nbsp;&nbsp; can grab key presses while the gnome keyring password dialog is<br>&nbsp;&nbsp; focused. With things like XACE, we can prevent that and only allow<br>
&nbsp;&nbsp; privileged applications like e.g. a screen reader / on screen<br>&nbsp;&nbsp; keyboard to do this.<br><br>&nbsp;&nbsp; Of course you can now turn this into a discussion about trusted path.</blockquote><div><br>Right =)&nbsp; The guiding principle here being: If someone has physical access to your computer and hostile intent, you&#39;ve already lost.
<br><br>Not that it&#39;s impossible to defend against but...it gets increasingly baroque and the important thing to secure is the web browser.<br><br><br></div></div>