One Hundred Paper Cuts -- the first ten

Steve Langasek steve.langasek at
Sun Jun 21 01:37:39 BST 2009

On Fri, Jun 19, 2009 at 11:20:49PM +0200, Martin Pitt wrote:

> Steven Harms [2009-06-19 11:20 -0400]:
> > Can someone clarify for me the different between Firefox (our default
> > browser) storing passwords in clear text, and why that is acceptable,
> > but storing it clear text for network manager is unacceptable?

> If that is actually the case, it sounds like a bug to me.

> It should ask you for a master password the first time you choose to
> save a password in the keyring, and only if you leave that empty use a
> nonencrypted keyring.

I think the behavior you propose would be reasonable, but I don't really see
any reason to consider the current firefox behavior a bug.  In contrast, I
*do* think it's a bug that wireless passwords have to be decrypted with a
user password by default:  I consider the random set of WEP keys that I've
stored in my laptop to be quite a bit /less/ sensitive than most of the
other stuff in my homedir, and I would hate to see this gratuitous use of
encryption wind up giving an attacker some known plaintext that helped in
cracking my GNOME keyring...

(Also buggy: network-manager for second-guessing permissions on files in
/etc/NetworkManager/system-connections, to the point that it *won't use*
profiles that are world-readable!  Bug report filed, but still outstanding
:( )

Let's please not presume that making users use more passwords default is
going to make things more secure.  When the encryption passwordis *expected*
to match the login password in the common case, the attack scenarios that
the added encryption protect against appear to be rather narrow, and IMHO
definitely don't justify a degraded user experience ("password fatigue").

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                          
slangasek at                                     vorlon at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: Digital signature
Url : 

More information about the ubuntu-devel mailing list