Language Selection

English French German Italian Portuguese Spanish

GNOME Keyring

Filed under
Software
Security

For the past week or so, people have been talking about a “security issue” in Seahorse. This sums up my opinion on the matter:

This isn't a security issue, and there is no good way to fix it.

A password managing daemon, such as GNOME Keyring, increases the security of stored passwords for the following reasons:

  • Passwords are stored in a database that uses real encryption, not just an obfuscation scheme
  • A single code base needs to be audited to make sure no vulnerabilities exist in the encryption algorithms that are being used
  • The database is protected by a password that is known only to the user who unlocks it
  • Since the database is encrypted, no other user or bootable CD can recover the stored passwords if the unlock password is not known

So, if GNOME Keyring increases the security of user credentials, why can you see your passwords exposed in plain text when you open Seahorse? Because you've unlocked the keyring using your login password.

Full Post




More in Tux Machines

Ubuntu 18.04 Telemetry, Peppermint 9, Linux Mint 19

Chrome OS/Android Leftovers

OSS Leftovers

  • Take your computer on the go with Portable Apps
    Portable Apps lets you access all your go-to apps anywhere, anytime—regardless of whether you are using your own computer or not. With more than 400 apps, 980 million downloads, and available in 55 languages, Portable Apps allows you to access your favorites via a USB flash drive, a cloud folder, or just about any portable storage device. Portable Apps is like having your computer without having your computer. Portable Apps is released under the GPL and MIT licenses, and it is compatible with Windows XP through 10, or Linux and MacOS via Wine or CrossOver. Developed by John T. Haller, a computer science major at Binghamton University and the developer of Portable Firefox, Portable Apps launched in November 2006 and has been in development since 2004. The current version, 15.0.2, was released on May 17, 2018. Plus, Portable Apps is supported by 200 volunteers and 220,000 community members.
  • 7 tips for promoting your project and community on Twitter
  • Software Heritage Archive Goes Live

    The importance of preserving software, and in particular open source software, is something I've been writing about for nearly a decade.

  • How Tech Enterprises Handle Big Data On Open Source And Ensure User Privacy
  • Cheaper textbooks and better access for higher ed students
    Recently at the Texas Linux Fest, Ross Reedstrom introduced me to OpenStax. I've heard of a lot of open educational resources (OER) but not this particular one. It's certainly a project I'm going to follow now. OpenStax was founded by Rice University engineering professor Richard Baraniuk in 1999 under the name Connexions. It started like most open source projects: To scratch an itch and address a problem. In this case, Rice University wanted to do something on the web related to education. A grad student suggested that they take the model used to develop Linux and apply it to create textbooks, and Connexions was born. They decided on a license that allowed for reuse with attribution—in essence, this was the first use of the Creative Commons license even before the license existed.
  • MIT to conduct an environmental scan of open source publishing
    The MIT Press has announced the award of a grant from The Andrew W. Mellon Foundation to conduct a landscape analysis and code audit of all known open source (OS) authoring and publishing platforms. By conducting this environmental scan, the MIT Press will be providing a comprehensive and critical analysis of OS book production and hosting systems to the scholarly publishing community. As noted by Amy Brand, director of the MIT Press, “Open source book production and publishing platforms are a key strategic issue for not-for-profit scholarly publishers, and the wide-spread utilization of these systems would foster greater institutional and organizational self-determination. The MIT Press has long been a leader in digital publishing. We are very grateful for the generous support from The Mellon Foundation for this project.”

Microsoft, FOSS FUD, and Openwashing