password and keys
Gary J. Kirkpatrick
garyartista at gmail.com
Wed Oct 21 13:35:17 UTC 2015
On Wed, Oct 21, 2015 at 10:29 AM, Chris Green <cl at isbd.net> wrote:
> On Wed, Oct 21, 2015 at 08:37:52AM +0200, Gary J. Kirkpatrick wrote:
> > I added a password to Passwords and Keys. I can unlock the "Login"
> > Gnome is another matter. This wasn't an issue before I added a
> > password to password and keys so no one who got into my computer could
> > see all the stored passwords.
> > I encrypted my files at installation. I have the key for that but it
> > does not work on Gnome key storage under Certificates. I thought
> > perhaps I confused an O for a 0 but that did not make any difference.
> > Is the encrypt password the one to use at Gnome key storage under
> > Certificates?
> > There are '"key servers" under Preferences. So I selected to publish
> > and automatically receive keys. So far nothing has changed. I am not
> > sure what this feature does. It does not make sense from a security
> > point of view to allow someone to retrieve the key so easily.
> > thanks for any assistance
> > garyk
> Not an answer to your question I'm afraid - but, in my opinion, the
> keyring/secrets/passphrases handling in Gnome/Ubuntu is a total mess.
> Its complexity makes managing security difficult and I'm sure, as a
> result, lots of people have much less secure systems than they think
> they have.
> Part of the problem is that gpg (among others) is complex and has so
> many options one rapidly gives up reading the man page.
> Simple tasks like keeping passwords or encrypting a few data files are
> not easy to do with the standard tools. There are lots of small
> programs one can install to do these jobs but they are often old[ish]
> and use poor security mechanisms.
> I used to use vi/vile's 'crypt' mechanism to keep a few files
> encrypted, it's very old (compatible with the original vi) but its
> dead easy to use. I decided to update to a more secure mechanism and
> it turned out to be much more difficult than it should be.
> On thing I discovered on the way, there's a *big* weakness in the way
> Gnome/GPG (and other distributions) does things. Although the actual
> encryption of data is, generally, very secure the passphrase used to
> protect the key used for encryption *isn't* particularly secure. The
> passphrase is hashed to create a 128-bit or 256-bit (or whatever) key
> and the key is used to encrypt the data. Brute forcing the key to get
> the passphrase isn't difficult *unless* the hashing mechanism takes a
> long time (in computing terms). The default hashing algorithm isn't
> slow enough to be secure. This weakness applies to lots of the
> encrypting utilities as well, e.g. I thought ccrypt sounded secure
> until the hashing algorithm was investigated.
> Chris Green
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at:
I was able to unlock after finally using my login password. That was the
first thing I tried and either I typed it incorrectly or there was some
sort of OS issue. In the meantime I found some old solution. I did not
have to try it but leave it here in case someone else needs it. It is
rather old, 2010 I believe.
I found this link:
This is what is says:
"The only solution that I’ve been able to come up with is to delete the
keyring contents, including the incorrect or corrupt passphrase. Note: this
will destroy all stored keys in the keyring, requiring that they be
re-imported. Other than the need to “start over” with the keyring manager,
this solution should be otherwise harmless.
It is possible to clobber your keyring passphrase and settings from the
Terminal. Open a terminal (Applications > Accessories > Terminal), and run
On older systems you may need to try:
The second method bypasses the Terminal and uses the graphical
interface strictly. To delete your current keyring, follow the steps
1. Navigate to Applications > Accessories > Passwords and Encryption Keys
2. Select the far-right tab “Passwords”
3. Select your keyring
4. Right-click and attempt “Change Password” or, if that doesn’t
work, select “Delete”
If you continue to have problems I would suggest looking for
additional tips in the comments here
or here <http://ubuntu-tutorials.com/2010/01/16/reset-gnome-keyring-password-on-ubuntu/#comments>.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ubuntu-users