Language Selection

English French German Italian Portuguese Spanish

GNOME Keyring

Filed under
Software
Security

For the past week or so, people have been talking about a “security issue” in Seahorse. This sums up my opinion on the matter:

This isn't a security issue, and there is no good way to fix it.

A password managing daemon, such as GNOME Keyring, increases the security of stored passwords for the following reasons:

  • Passwords are stored in a database that uses real encryption, not just an obfuscation scheme
  • A single code base needs to be audited to make sure no vulnerabilities exist in the encryption algorithms that are being used
  • The database is protected by a password that is known only to the user who unlocks it
  • Since the database is encrypted, no other user or bootable CD can recover the stored passwords if the unlock password is not known

So, if GNOME Keyring increases the security of user credentials, why can you see your passwords exposed in plain text when you open Seahorse? Because you've unlocked the keyring using your login password.

Full Post




More in Tux Machines

GNOME Software Package Manager App Updated for GNOME 3.16 to Fix Multiple Bugs

The GNOME Project released earlier today, August 3, the fifth maintenance release of the stable GNOME Software package manager application for the GNOME 3.16 desktop environment, a version that fixes seven issues. Read more

Linux Kernel 4.1.4 LTS Released with Numerous Updated Drivers, ARM64 Improvements

Today, August 3, Greg Kroah-Hartman announced the release and immediate availability for download of the fourth maintenance release of the stable, long-term supported Linux 4.1 kernel. Read more

Open-spec motor control kit runs Linux on Zynq SoC

Avnet’s revamped, Linux-based “ZIDK-II” kit for motor control combines its ZedBoard SBC, featuring an ARM/FPGA Zynq SoC, with improved Analog Devices gear. Avnet Electronic Marketing’s “Zynq-7000 All Programmable SoC/Analog Devices Intelligent Drives Kit II,” or “ZIDK-II,” is a major upgrade to a previously released kit of the same name, featuring an enhanced Analog Devices ” brushless DC motor control reference design. As before, the system is built around Avnet’s community-backed, Ubuntu Linux-based ZedBoard single board computer, which showcases the Xilinx Zynq-7020, a SoC that combines see farther below. Read more

today's leftovers