Language Selection

English French German Italian Portuguese Spanish

GNOME Keyring

Filed under
Software
Security

For the past week or so, people have been talking about a “security issue” in Seahorse. This sums up my opinion on the matter:

This isn't a security issue, and there is no good way to fix it.

A password managing daemon, such as GNOME Keyring, increases the security of stored passwords for the following reasons:

  • Passwords are stored in a database that uses real encryption, not just an obfuscation scheme
  • A single code base needs to be audited to make sure no vulnerabilities exist in the encryption algorithms that are being used
  • The database is protected by a password that is known only to the user who unlocks it
  • Since the database is encrypted, no other user or bootable CD can recover the stored passwords if the unlock password is not known

So, if GNOME Keyring increases the security of user credentials, why can you see your passwords exposed in plain text when you open Seahorse? Because you've unlocked the keyring using your login password.

Full Post




More in Tux Machines

The road to LibreOffice 5.0

LibreOffice 5.0 will be announced next Wednesday – August 5, 2015 – at noon UTC. It is our tenth major release, and the first of the third stage of LibreOffice development. To show the impressive amount of new features added to LibreOffice since version 3.3, released in January 2011, we have compiled a summary of all previous announcements. Read more

Ubuntu Touch Finally Gets a Regression Fix for Nexus 4 and Aquaris Phones

Canonical has recently released a new OTA update for Ubuntu Touch and it brought a large number of new features and improvements, but also a nasty regression that caused the telephony function to fail on BQ phones and Nexus 4. That fix has finally landed. Read more

OpenDaylight dawn: Open-source software defined networking goes into production

OpenDaylight, the open-source, software-defined network, is moving from the lab into full-scale production. Read more

Battle of the sub-$450 Android phones: ZTE Axon vs OnePlus 2 vs Moto X Style

Over the past two weeks we have seen three new Android phones announced that are priced to challenge Samsung, LG, and HTC devices typically found starting at $600. Read more