Language Selection

English French German Italian Portuguese Spanish

GNOME Keyring

Filed under
Software
Security

For the past week or so, people have been talking about a “security issue” in Seahorse. This sums up my opinion on the matter:

This isn't a security issue, and there is no good way to fix it.

A password managing daemon, such as GNOME Keyring, increases the security of stored passwords for the following reasons:

  • Passwords are stored in a database that uses real encryption, not just an obfuscation scheme
  • A single code base needs to be audited to make sure no vulnerabilities exist in the encryption algorithms that are being used
  • The database is protected by a password that is known only to the user who unlocks it
  • Since the database is encrypted, no other user or bootable CD can recover the stored passwords if the unlock password is not known

So, if GNOME Keyring increases the security of user credentials, why can you see your passwords exposed in plain text when you open Seahorse? Because you've unlocked the keyring using your login password.

Full Post




More in Tux Machines

Linux Filesystems Explained — EXT2/3/4, XFS, Btrfs, ZFS

The first time I installed Ubuntu on my computer, when I was sixteen, I was astonished by the number of filesystems that were available for the system installation. There were so many that I was left overwhelmed and confused. I was worried that if I picked the wrong one my system might run too slow or that it might be more problematic than another. I wanted to know which was the best. Since then, things have changed quite a bit. Many Linux distributions offer a ‘standard’ filesystem that an installation will default to unless otherwise specified. I think this was a very good move because it assists newcomers in making a decision and being comfortable with it. But, for those that are still unsure of some of the contemporary offerings, we’ll be going through them today. Read more

Today in Techrights

KDE Plasma 5.7.2 Introduces Lots of Plasma Workspace Improvements, KWin Fixes

KDE released the second maintenance update for the KDE Plasma 5.7 desktop environment series, which has already been adopted by several popular GNU/Linux operating systems. Read more

Gain access to an ARM server running Linux OS, through the cloud

The Linaro Developer Cloud has gone live, and users can apply to test an ARM-based server with Linux Read more