Keyring password (Re: Installation report for UNR 20090324 on Acer Aspire One)

C. Cooke ccooke at gkhs.net
Thu Mar 26 10:16:47 GMT 2009 

On Wed, Mar 25, 2009 at 05:05:48PM +0100, Loïc Minier wrote:
> On Wed, Mar 25, 2009, Matt Zimmerman wrote:
> > This seems perfectly reasonable to me; wifi passwords are not usually so
> > sensitive that they need to be encrypted on disk.
> 
>  (Long term non-jaunty: )
>  I think that's only ok if we shard the keyring-backed passwords into
>  multiple keyrings and add a policy to store certain passwords in
>  certain keyrings.  e.g. wifi passwords in the optional non-password
>  protected keyring.  We could use the same trick as GConf which has a
>  path of configuration repositories and uses the first writable one, but
>  I think it would be more sensible to have a real policy similar to the
>  policykit/consolekit policies.
> 
>  I don't think it's ok to plan to store all passwords in a non-protected
>  keyring, that gives a false sense of security.
> 

Something like this?:

"You've just connected to a secure Wireless Network for the first time.
To save you time, Ubuntu can store credentials for wireless networks
for you so you don't need to enter a password next time you connect. 

Would you like to:

	[ ] Store your credentials in a high security store. This will 
	    always require you to enter a password when you want to 
	    unlock the store. This is the most secure option, but requires
	    you to remember an additional password.
	[*] Store your credentials in the default store. This will
	    be unlocked for you if you enter a password when you start
	    using your computer.
	[ ] Store your credentials in an unsecured store. This will
	    never ask you for a password; this is more convenient if
	    you don't need to worry about security.
	    
	[OK] [Cancel]
"
where clicking cancel would presumably not store the key this time.

(This isn't a suggestion per se - it's just useful sometimes to get a
picture of what the discussion is describing)

-- 
Charles Cooke, sysadmin
ALL CAPS TALK LEADS TO B1FF T4LK. B1FF T4LK LE4D$ 2 W4r37_t4LK. 
W4r3Zt/\1k L34d$ 2 31337 \/\//\r37_ |>0o|) 7/\|_|<, 
4|\||) 7|¬3|23 7!¬3 |)/\|2|( 51|)3 |_|3$

More information about the ubuntu-devel mailing list