Re: cleaning up keyrings



Havoc Pennington wrote:
> Anyway, I'm thinking about how to clean up the password-storage situation.
> 
> Here is the current situation:
>  - Pidgin just sticks passwords in plain text in app-specific XML files
>  - Gossip does the same thing, plain text in XML files
>  - Firefox has its whole own thing, though they have plans to use the
> Keychain on OS X they are not planning to use gnome-keyring, according
> to a possibly-outdated wiki page:
> http://wiki.mozilla.org/Firefox:Password_Manager

I believe the epiphany guys have been working on this, at some point:
http://bugzilla.gnome.org/show_bug.cgi?id=130336

>  - BigBoard puts things in gnome-keyring
> 
> Looking in gnome-keyring-manager, there's barely anything in there.

Yeah, one big problem with gnome-keyring was the problem of having to
enter your password twice, which really bugged users. I hope that with
the PAM integration in 2.20, this major excuse for not using
gnome-keyring will be no more.

Evolution, for example, has gnome-keyring support but is rarely compiled
with it due to the above.

> Looking at gnome-keyring-manager does hint at one problem, though;
> gnome-keyring is too "policy free" and free-form. It provides a shared
> password facility, but no real guideline for _how_ to store the
> passwords or how to find the password for a particular thing or
> particular site.

Yes, a spec does seem necessary to help coordinate what is stored in each
of the individual attributes. We ran into this problem with seahorse and
gnome-gpg, each of which wanted to store passwords for PGP keys in the
keyring.

We probably also want to add one or more keyring item types, e.g. for web
form data.

The current list of item types:

GNOME_KEYRING_ITEM_GENERIC_SECRET
GNOME_KEYRING_ITEM_NETWORK_PASSWORD
GNOME_KEYRING_ITEM_NOTE

>  - have some mechanism for "smart deductions," like "I can guess you
> have an XMPP account that matches your google.com username/password" -
> maybe this just has to be in the apps, not sure

Along with what Alan said, pushing this too far down the stack opens up
many possibilities for password retrieval attacks, like the recent spate
of attacks that exploited this in Firefox and Safari.

Cheers,

Stef Walter
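The attribute-coordination problem Stef describes above (two apps storing the same credential in the keyring and needing to find each other's items) can be illustrated with a small in-memory model. This is an added example, not code from the thread or from gnome-keyring itself: the `Keyring` class mimics the find-by-attributes matching rule (every attribute supplied must match), the three item type names are the ones listed in the message, and the `NETWORK_PASSWORD_SCHEMA` attribute set is an assumption loosely modeled on the attribute names libgnome-keyring uses for network passwords. All usernames, hosts and secrets are constructed sample values.

```python
"""Toy model of keyring item lookup (added example, not from the thread).

Items carry an item type plus free-form attributes; find() matches every
attribute passed. Without an agreed attribute schema, two apps that store
the same credential cannot find each other's items.
"""
from dataclasses import dataclass
from typing import List, Optional

# Item types named in the thread, used here as plain strings.
ITEM_GENERIC_SECRET = "GNOME_KEYRING_ITEM_GENERIC_SECRET"
ITEM_NETWORK_PASSWORD = "GNOME_KEYRING_ITEM_NETWORK_PASSWORD"
ITEM_NOTE = "GNOME_KEYRING_ITEM_NOTE"

# Assumed shared schema for network passwords: attribute name -> required?
# Loosely modeled on libgnome-keyring's network-password attribute names;
# the exact set is an assumption made for this example.
NETWORK_PASSWORD_SCHEMA = {"user": True, "server": True, "protocol": True, "port": False}


@dataclass
class KeyringItem:
    item_type: str
    display_name: str
    secret: str
    attributes: dict


class Keyring:
    """In-memory stand-in for a keyring: no persistence, no unlocking."""

    def __init__(self) -> None:
        self._items: List[KeyringItem] = []

    def store(self, item: KeyringItem) -> None:
        self._items.append(item)

    def find(self, item_type: str, **attrs) -> List[KeyringItem]:
        # Matching rule modeled on gnome-keyring's find-items call: every
        # attribute supplied must be present on the item with the same value.
        return [
            item for item in self._items
            if item.item_type == item_type
            and all(item.attributes.get(k) == v for k, v in attrs.items())
        ]


def validate_network_attributes(attrs: dict) -> None:
    """Reject attribute sets that do not follow the shared schema."""
    unknown = set(attrs) - set(NETWORK_PASSWORD_SCHEMA)
    if unknown:
        raise ValueError(f"attributes not in schema: {sorted(unknown)}")
    missing = [k for k, req in NETWORK_PASSWORD_SCHEMA.items() if req and k not in attrs]
    if missing:
        raise ValueError(f"required attributes missing: {missing}")


def store_network_password(keyring: Keyring, display_name: str, secret: str, **attrs) -> None:
    """Store a network password only if its attributes conform to the schema."""
    validate_network_attributes(attrs)
    keyring.store(KeyringItem(ITEM_NETWORK_PASSWORD, display_name, secret, dict(attrs)))


def find_network_password(keyring: Keyring, **attrs) -> Optional[str]:
    """Look up a network password by the schema's attributes; None if absent."""
    validate_network_attributes(attrs)
    matches = keyring.find(ITEM_NETWORK_PASSWORD, **attrs)
    return matches[0].secret if matches else None


def demo():
    kr = Keyring()
    # App A stores an XMPP password following the schema (constructed values).
    store_network_password(kr, "XMPP alice@example.org", "s3cret",
                           user="alice", server="xmpp.example.org", protocol="xmpp")
    # App B, following the same schema, finds it without keeping its own copy.
    shared = find_network_password(kr, user="alice", server="xmpp.example.org",
                                   protocol="xmpp")
    # App C ignores the schema and stores an ad hoc generic secret; a
    # schema-following lookup cannot see it, so the user gets asked again.
    kr.store(KeyringItem(ITEM_GENERIC_SECRET, "bob's jabber password", "hunter2",
                         {"username": "bob", "host": "xmpp.example.org"}))
    orphan = find_network_password(kr, user="bob", server="xmpp.example.org",
                                   protocol="xmpp")
    # A store that violates the schema is rejected up front instead of
    # silently creating another unfindable item.
    try:
        store_network_password(kr, "bad item", "x", host="xmpp.example.org", user="bob")
        rejected = False
    except ValueError:
        rejected = True
    return shared, orphan, rejected


if __name__ == "__main__":
    print(demo())
```

The `validate_network_attributes` step is the "spec" the message asks for in miniature: the keyring itself stays policy-free, and the agreement about which attributes mean what lives in a thin layer that every app calls through.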
