One Hundred Paper Cuts -- the first ten
Dmitrijs Ledkovs
dmitrij.ledkov at gmail.com
Sat Jun 20 02:10:31 BST 2009
2009/6/19 Scott James Remnant <scott at canonical.com>:
> On Fri, 2009-06-19 at 08:58 -0500, David Siegel wrote:
>
>> >> Wifi auto-connection asks for keyring password
>> >> https://bugs.edge.launchpad.net/hundredpapercuts/+bug/388593
>> >>
>> >
>> > This issue is pretty hard to get right, and thus I think it really
>> > disqualifies as a paper cut. I commented on the bug and subscribed
>> > Alex and Seb for further input. Your input from design POV heavily
>> > appreciated as well.
>> >
>> I feared that this one in particular would be too difficult to fix
>> completely, but what about ensuring that the password prompt has a "save
>> password for future use" checkbox, so the password only has to be
>> entered once per encrypted wifi network?
>>
> Ah, a misunderstanding.
>
> This is exactly what already happens, Network Manager saves the network
> passphrase for future use.
>
> The problem is that the keyring *into which* it saves that password is
> encrypted with your login password as a key.
>
> If you use auto-login, your *keyring* is not yet open.
>
> The passphrase you have to enter is not the network passphrase, it is
> your login password - needed to decrypt your keyring.
>
>
> Otherwise all the saved passwords and passphrases would be trivially
> readable :-(
>
> Scott

Someone who uses auto-login generally doesn't want to type a password
;-) Someone later referenced Mac OS X behaviour and IMHO they have the
following design choice:

1) Store everything in the encrypted keyring(s)
2) There are multiple keyrings but generally the usual one (including
network passwords) is your default keyring which is unlocked with
login password (or part of the login process)
3) Then if you do auto-login it does ask you for the network password
but it gives you a checkbox (actually a padlock) which you can check,
which is equivalent to allowing this application to access this password
without unlocking the rest of the keychain. (Real-life equivalent:
leave the padlock on your shed unlocked because it's nothing but
broken shovels.)

I'm not sure how secure the process is, but from experience this "keep
unlocked" combo on Mac is per application <-> password. So if you want
to keep the same password "unlocked" for three apps you need to do it 3
times.

Back to Ubuntu though. We already have similar functionality in place.
It is optional for the login screen to unlock your default keyring as
well. How does that work if the account password and login keyring
have different passwords? Does it do an API accessed unlock?

It would be an interesting possibility to dig through that code and
see if we can tie (optionally, at the user's discretion) to unlock selected
passwords (network manager in this use case) through the auto-login
event and keep it encrypted otherwise (e.g. ssh login, switch user
etc).

Surely if regular login can trigger keyring unlock, auto-login can be
hacked to do similar.

My two £0,02 =D

--
With best regards
Dmitrijs Ledkovs (for short Dima),
Ледков Дмитрий Юрьевич