
ubuntu-phone team mailing list archive

Re: [Development] Solution for a password/secret storage

 

On 19/03/13 13:39, Alberto Mardegan wrote:
> [...]
>> Finally, one last aside...  wouldn't full filesystem encryption remove
>> the need for a secret storage service?  AFAIK, it hasn't yet been
>> discussed in the context of Touch.
> That's a good thing to discuss. However, full disk encryption might
> impose some hardware requirements to get a decent speed, and in any case
> one must decide how to store the key to the filesystem.

They are complementary. If you look through the freedesktop API, it
specifies a "plain" storage mode where you don't encrypt. So you could
have plain storage if the device already has full disk encryption and
encrypted storage if it doesn't. I would be quite uncomfortable with
that, though, because if you don't use any encryption in the keyring,
everything is in clear once you're logged in, so any piece of software
that you run as a user could read your passwords by just reading the
file directly and bypassing the API.

And of course, there's the key to the file system to take into account.

Bruno


