Hello,

I've got a little idea which -- if injected into gnome-keyring -- could serve quite a nice purpose to the community. The idea is to provide an interface for applications to request passwords in a similar manner as the old PwdHash[1] Firefox extension did.

As I see it, it could work like that: an application would request (over D-Bus) generating a new hashed password for a particular key (domain). Gnome-keyring would ask the user for his master password (or a similar dedicated password) and use that to generate the new password and send it back to the application.

As with PwdHash, the advantage of such a method is that specific passwords could be re-generated on request rather than being stored in a database -- and thus not relying on the access to the particular database.

The advantage of implementing this in gnome-keyring rather than separately would be that the keyring's master password could be reused (if possible) rather than requiring the user to type (and store) yet another master password.

Maybe it could be even further integrated with the current password storage so that such a new feature could be used transparently with the current Secrets implementation. In other words, the user would mark that his/her password for a particular service is to be generated rather than stored, and gkr will ask for the master password and generate it when an application requests the password stored for the service.

What do you think?

[1]: https://www.pwdhash.com/

-- 
Best regards,
Michał Górny
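
A sketch of the derivation described in the message above, as an added example that is not part of the original post and is not gnome-keyring or PwdHash code. The KDF (PBKDF2-HMAC-SHA256), the iteration count, the salt prefix, the alphabet and the names `derive_password` and `normalize_key` are assumptions chosen for illustration.

```python
import hashlib
import hmac
import string

# Assumed parameters for this sketch; none come from the post or gnome-keyring.
ITERATIONS = 200_000
SYMBOLS = "!#$%&*+-=?@^_"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)


def normalize_key(domain: str) -> bytes:
    """Canonicalize the key so ' Example.COM. ' and 'example.com' agree."""
    return domain.strip().rstrip(".").lower().encode("utf-8")


def _stream(key: bytes):
    """Unbounded byte stream: HMAC-SHA256(key, counter) in counter mode."""
    counter = 0
    while True:
        yield from hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1


def derive_password(master: str, domain: str, length: int = 16) -> str:
    """Regenerate the same password for (master, domain) without storing it."""
    salt = normalize_key(domain)
    if not master or not salt:
        raise ValueError("master password and key must be non-empty")
    if length < len(CLASSES):
        raise ValueError("length too short to hold every character class")
    # Slow stretch, done once. The key (domain) is the salt, so each service
    # gets an unrelated output from the same master password.
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                              b"pwgen-example:" + salt, ITERATIONS)
    limit = 256 - 256 % len(ALPHABET)  # rejection bound, avoids modulo bias
    chars = []
    for byte in _stream(key):
        if byte >= limit:
            continue
        chars.append(ALPHABET[byte % len(ALPHABET)])
        if len(chars) < length:
            continue
        # Accept only a candidate containing every character class;
        # otherwise discard it and keep reading the same stream.
        if all(any(c in cls for c in chars) for cls in CLASSES):
            return "".join(chars)
        chars.clear()
```

Because nothing is stored, anyone who obtains one derived password can guess master passwords offline against it, which is why the stretch is deliberately slow. Changing any parameter (iterations, alphabet, normalization) changes every derived password, so they would have to be fixed or versioned per entry.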