ubuntu-phone team mailing list archive

Thread
Date

Re: [Development] Solution for a password/secret storage

To: ubuntu-phone@xxxxxxxxxxxxxxxxxxx
From: Bruno Girin <brunogirin@xxxxxxxxx>
Date: Tue, 19 Mar 2013 15:02:12 +0000
In-reply-to: <51486A78.20407@canonical.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130308 Thunderbird/17.0.4

On 19/03/13 13:39, Alberto Mardegan wrote:
> [...]
>> Finally, one last aside...  wouldn't full filesystem encryption remove
>> the need for a secret storage service?  AFAIK, it hasn't yet been
>> discussed in the context of Touch.
> That's a good thing to discuss. However, full disk encryption might
> impose some hardware requirements to get a decent speed, and in any case
> one must decide how to store the key to the filesystem.

They are complementary. If you look through the freedesktop API, it
specifies a "plain" storage mode where you don't encrypt. So you could
have plain storage if the device already has full disk encryption and
encrypted storage if it doesn't. I would be quite uncomfortable with
that though because if you don't use any encryption in the keyring,
everything is in clear once you're logged in so any piece of software
that you run as a user could read your passwords by just reading the
file direct and bypassing the API.

And of course, there's the key to the file system to take into account.

Bruno

References

[Development] Solution for a password/secret storage
From: Alberto Mardegan, 2013-03-18
Re: [Development] Solution for a password/secret storage
From: Tony Espy, 2013-03-19
Re: [Development] Solution for a password/secret storage
From: Alberto Mardegan, 2013-03-19