On 03/19/2013 02:16 PM, Tony Espy wrote:
> Ah, the devil is in the details. I wouldn't dismiss the benefits of a
> stable working code-base so quickly.
>
> The semantics already exist in code, the secure store piece is known to
> be secure and works as advertised, and the PAM integration allows
> gnome-keyring to operate without much intervention by the user. This
> wasn't always the case in the past as others have pointed out.
>
> That said, if we've done the analysis and determined that the UI code is
> too tightly bound to the core logic, then that's another story...

Oops, I'd better correct myself before I start spreading FUD. :-)
I was sure that the UI code was very tightly tied to the service, but I don't know where I got that from. I checked again, and this cannot be farther from the truth. :-)
gnome-keyring-daemon doesn't even depend on Gtk+, so it looks like it can be reused. I didn't investigate how the master password prompt is generated, but hopefully it's easy to replicate (I'd better ask the GNOME keyring maintainers about it, to be sure).

> That said, it should be possible to implement this type of storage using
> oFono's SIM API ( isn't this what Meego used? ).

No, it was a different one (not open-source, AFAIK).

> That said, what does gnome-keyring use for its store, and what
> alternatives besides SIM have you considered?

It uses encrypted files in ~/.gnome2/keyrings/. I think anything which can generate a byte-array can be used as a keyring password -- it depends on the level of security you are looking for.
What I'd like to have is a system where there can be multiple ways of unlocking the secrets DB, so that you are not completely lost if for some reason you cannot use a specific one at the moment.

[...]

> Finally, one last aside... wouldn't full filesystem encryption remove
> the need for a secret storage service? AFAIK, it hasn't yet been
> discussed in the context of Touch.

That's a good thing to discuss. However, full disk encryption might impose some hardware requirements to get a decent speed, and in any case one must decide how to store the key to the filesystem.

Ciao,
  Alberto

