password and keys

Gary J. Kirkpatrick garyartista at gmail.com
Wed Oct 21 13:35:17 UTC 2015


On Wed, Oct 21, 2015 at 10:29 AM, Chris Green <cl at isbd.net> wrote:

> On Wed, Oct 21, 2015 at 08:37:52AM +0200, Gary J. Kirkpatrick wrote:
> >    I added a password to Passwords and Keys.  I can unlock the "Login"
> but
> >    Gnome is another matter.  This wasn't an issue before I added a
> >    password to password and keys so no one who got into my computer could
> >    see all the stored passwords.
> >    I encrypted my files at installation.  I have the key for that but it
> >    does not work on Gnome key storage under Certificates.  I thought
> >    perhaps I confused an O for a 0 but that did not make any difference.
> >    Is the encrypt password the one to use at Gnome key storage under
> >    Certificates?
> >    There are '"key servers" under Preferences. So I selected to publish
> >    and automatically receive keys.  So far nothing has changed.  I am not
> >    sure what this feature does.  It does not make sense from a security
> >    point of view to allow someone to retrieve the key so easily.
> >    thanks for any assistance
> >    garyk
>
> Not an answer to your question I'm afraid - but, in my opinion, the
> keyring/secrets/passphrases handling in Gnome/Ubuntu is a total mess.
> Its complexity makes managing security difficult and I'm sure, as a
> result, lots of people have much less secure systems than they think
> they have.
>
> Part of the problem is that gpg (among others) is complex and has so
> many options one rapidly gives up reading the man page.
>
> Simple tasks like keeping passwords or encrypting a few data files are
> not easy to do with the standard tools.  There are lots of small
> programs one can install to do these jobs but they are often old[ish]
> and use poor security mechanisms.
>
> I used to use vi/vile's 'crypt' mechanism to keep a few files
> encrypted, it's very old (compatible with the original vi) but its
> dead easy to use.  I decided to update to a more secure mechanism and
> it turned out to be much more difficult than it should be.
>
> On thing I discovered on the way, there's a *big* weakness in the way
> Gnome/GPG (and other distributions) does things.  Although the actual
> encryption of data is, generally, very secure the passphrase used to
> protect the key used for encryption *isn't* particularly secure.  The
> passphrase is hashed to create a 128-bit or 256-bit (or whatever) key
> and the key is used to encrypt the data.  Brute forcing the key to get
> the passphrase isn't difficult *unless* the hashing mechanism takes a
> long time (in computing terms).  The default hashing algorithm isn't
> slow enough to be secure.  This weakness applies to lots of the
> encrypting utilities as well, e.g. I thought ccrypt sounded secure
> until the hashing algorithm was investigated.
>
> --
> Chris Green
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>

I was able to unlock after finally using my login password.  That was the
first thing I tried and either I typed it incorrectly or  there was some
sort of OS issue.  In the meantime I found some old solution. I did not
have to try it but leave it here in case someone else needs it.  It is
rather old, 2010 I believe.


I found this link:
https://ubuntu-tutorials.com/2010/01/16/reset-gnome-keyring-password-on-ubuntu/

This is what is says:

"The only solution that I’ve been able to come up with is to delete the
keyring contents, including the incorrect or corrupt passphrase. Note: this
will destroy all stored keys in the keyring, requiring that they be
re-imported. Other than the need to “start over” with the keyring manager,
this solution should be otherwise harmless.

*Method 1:*

It is possible to clobber your keyring passphrase and settings from the
Terminal. Open a terminal (Applications > Accessories > Terminal), and run
the command:

rm ~/.gnome2/keyrings/login.keyring

On older systems you may need to try:

rm ~/.gnome2/keyrings/default.keyring

The second method bypasses the Terminal and uses the graphical
interface strictly. To delete your current keyring, follow the steps
below:

   1. Navigate to Applications > Accessories > Passwords and Encryption Keys
   2. Select the far-right tab “Passwords”
   3. Select your keyring
   4. Right-click and attempt “Change Password” or, if that doesn’t
work, select “Delete”
   5.

   *Additional:*

   If you continue to have problems I would suggest looking for
additional tips in the comments here
<http://ubuntu-tutorials.com/2007/07/06/clearing-or-resetting-the-gnome-keyring/#comments>
or  here <http://ubuntu-tutorials.com/2010/01/16/reset-gnome-keyring-password-on-ubuntu/#comments>.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20151021/6bcb9470/attachment-0001.html>


More information about the ubuntu-users mailing list