Re: Current network-password-saving feature needs improvement.



I agree that we need some kind of general "password saving" mechanism. I
have some inputs to give for the same.

David Wheeler wrote:

> The more I think about it, the more useful a general "password saving"
> feature appears for open source operating systems.
> All web browsers need to store passwords for later use, and obviously
> more and more applets need to store passwords for later use too.
> "Shrouding" doesn't help protect against people who steal your laptop.
> Having "master passwords" helps, but currently people have to enter
> multiple master passwords (one for GNOME, one for SSH, one for Mozilla, ...).
> That's annoying.

Master password is a good idea as it can be reused each time a password
needs encryption/decryption.
Of course a secret server is needed which can prompt for a master password
and store it in some form which can be used to verify the master password
for subsequent logins. Now we don't even need a separate key for
encryption/decryption as we can base our key on the master password.


> Perhaps a small "secret server" could be created that ran on behalf of
> a user, and could get and store secrets on behalf of that user.
> Here are a few ideas:
> * It should be startable via PAM or GDM, so the login password could be
>   used to generate the encryption key.  However, the password itself
>   shouldn't be the encryption key, since if a nasty application takes over
>   the machine that would reveal the login password. Thus, use a
>   cryptographic hash of the login password plus a nice large salt (which
>   is stored as plaintext in the keyfile)... an attacker gets the other
>   passwords, but possibly not the login password.  By only using the
>   password and salt to determine the encryption key, the master key file
>   could be later moved and used on other machines.

A separate password is better than login password since one of the
problems which comes up is intermediate password changing when the
session is going on. Hence a separate password, say master password,
is needed. If a master password changes all the previously encrypted
keys should be notified for re-encryption with new master password.

> * It shouldn't REQUIRE being started with PAM or GDM - if it's not
>   started by login, or the user wants to use a separate password when
>   accessing the keyfile, then it should gracefully ask (like ssh can do
>   now).  Thus, the master keyfile should have some indicator that says
>   "ask separately".

GDM can be used to start the secret key server while logging in for one
time master password prompt.
But the disadvantage of this is that even if the user doesn't want to use
the services, he still needs to give the master passwd which is not
required. Rather, the server could be started when any of the services is
used for the first time. From then on, if the secret key server is already
running, it would not be started again.

> * Perhaps start with ssh-agent.
> * It should be small and work for EVERYONE.  Then Mozilla,
>    GNOME applets, etc. should all be modified to work with it
>    when available.

Once these changes go into GNOME, all other applications will also be
able to use the same framework.

Need more inputs on the same.

Regards
Rashmi
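
The keyfile scheme discussed in this thread (salted hash of the password as the key, a stored value to verify the master password, an "ask separately" indicator, re-encryption on password change), as an added example that is not part of the original messages or of any GNOME code. PBKDF2-HMAC-SHA256, the iteration count, the JSON header layout and all function names are assumptions made for illustration.

```python
import hashlib, hmac, json, os

ITERATIONS = 600_000  # assumed PBKDF2 work factor, not a value from the thread

def _derive(password: str, salt: bytes, iterations: int):
    """Return (encryption_key, verifier) from the password and plaintext salt."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Distinct labels: the stored verifier cannot be used as the encryption key.
    enc_key = hmac.new(master, b"encrypt", hashlib.sha256).digest()
    verifier = hmac.new(master, b"verify", hashlib.sha256).digest()
    return enc_key, verifier

def create_keyfile(password: str, ask_separately: bool,
                   iterations: int = ITERATIONS) -> str:
    """Build the keyfile header: salt and verifier in plaintext, never the password."""
    salt = os.urandom(32)
    _, verifier = _derive(password, salt, iterations)
    return json.dumps({"salt": salt.hex(), "iterations": iterations,
                       "verifier": verifier.hex(),
                       "ask_separately": ask_separately})

def unlock(keyfile: str, password: str):
    """Return the encryption key, or None if the password is wrong."""
    hdr = json.loads(keyfile)
    enc_key, verifier = _derive(password, bytes.fromhex(hdr["salt"]),
                                hdr["iterations"])
    # Constant-time comparison against the stored verifier.
    if not hmac.compare_digest(verifier, bytes.fromhex(hdr["verifier"])):
        return None
    return enc_key

def change_master_password(keyfile: str, old: str, new: str):
    """Return (new_keyfile, old_key, new_key); the caller must decrypt every
    stored secret with old_key and re-encrypt it with new_key."""
    old_key = unlock(keyfile, old)
    if old_key is None:
        raise ValueError("wrong master password")
    hdr = json.loads(keyfile)
    new_keyfile = create_keyfile(new, hdr["ask_separately"], hdr["iterations"])
    return new_keyfile, old_key, unlock(new_keyfile, new)
```

Because the key depends only on the password and the header, copying the header to another machine yields the same key there; the header itself never contains the password or the encryption key.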
