Language Selection

English French German Italian Portuguese Spanish

GNOME Keyring

Filed under
Software
Security

For the past week or so, people have been talking about a “security issue” in Seahorse. This sums up my opinion on the matter:

This isn't a security issue, and there is no good way to fix it.

A password managing daemon, such as GNOME Keyring, increases the security of stored passwords for the following reasons:

  • Passwords are stored in a database that uses real encryption, not just an obfuscation scheme
  • A single code base needs to be audited to make sure no vulnerabilities exist in the encryption algorithms that are being used
  • The database is protected by a password that is known only to the user who unlocks it
  • Since the database is encrypted, no other user or bootable CD can recover the stored passwords if the unlock password is not known

So, if GNOME Keyring increases the security of user credentials, why can you see your passwords exposed in plain text when you open Seahorse? Because you've unlocked the keyring using your login password.

Full Post




More in Tux Machines

PuppEX Linux Live CD Now Based on Puppy Xenial, Compatible with Ubuntu 16.04 LTS

Arne Exton informs us about the availability of a new stable build of its Puppy-derived PuppEX Linux Live CD distribution, version 160822, which is now using the latest kernel and software applications. Read more

KDevelop 5.0 Open-Source IDE Officially Released with New C/C++ Language Support

After being in development for the past two years, the open-source KDevelop IDE (Integrated Development Environment) software has finally reached the 5.0 milestone. Read more

Open source drone controller has an FPGA-enhanced brain

Aerotenna has launched an open source, $499 “OcPoc” drone flight controller that runs Linux on an Altera Cyclone V ARM/FPGA SoC. Lawrence, Kansas based Aerotenna, which bills itself as “the leading provider of innovative microwave sensors and flight control systems,” describes OcPoC (Octagonal Pilot on Chip) as a ready-to-fly, open source flight control platform. The system integrates an IMU, barometer, GPS, and a CSI-camera interface. Read more

Linux Kernel 3.16.37 LTS Is a Massive Update with Tons of Networking Changes

Immediately after announcing the release of Linux kernel 3.2.82 LTS, maintainer Ben Hutchings proudly informed the community about the availability of the thirty-seventh maintenance update to the Linux 3.16 LTS kernel series. Read more