One Hundred Paper Cuts -- the first ten
Steven Harms
thisdyingdream at gmail.com
Fri Jun 19 16:20:13 BST 2009
Can someone clarify for me the different between Firefox (our default
browser) storing passwords in clear text, and why that is acceptable,
but storing it clear text for network manager is unacceptable?
Thanks,
Steven Harms
On Fri, Jun 19, 2009 at 11:03 AM, Niels Egberts<niels.egberts at gmail.com> wrote:
>> This is exactly what already happens, Network Manager saves the network
>> passphrase for future use.
>>
>> The problem is that the keyring *into which* it saves that password is
>> encrypted with your login password as a key.
>>
>> If you use auto-login, your *keyring* is not yet open.
>>
>> The passphrase you have to enter is not the network passphrase, it is
>> your login password - needed to decrypt your keyring.
>>
>>
>> Otherwise all the saved passwords and passphrases would be trivially
>> readable :-(
>
> Why not let the user decide if the network-passphrase will be stored
> encrypted or not? I am not afraid that my passphrase will be stolen,
> and if it is, they already have access to my whole computer.
>
> --
> ubuntu-devel mailing list
> ubuntu-devel at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
>
--
GPG Key ID: C92EF367 / 1428 FE8E 1E07 DDA8 EFD7 195F DCCD F5B3 C92E F367
More information about the ubuntu-devel
mailing list