ubuntu-phone team mailing list archive

Re: [Development] Solution for a password/secret storage

 

On 13-03-19 09:31 AM, Robert Bruce Park wrote:
> On 13-03-19 05:57 AM, Bruno Girin wrote:
>> On 19/03/13 10:01, Alberto Mardegan wrote:
>>> Yes. In fact, it's possible to make the two passwords go out of
>>> sync, and there you'll be prompted to enter your keyring master
>>> password as the first application requests a password.
> 
>> OK so it's essential that whatever we do ensures that doesn't
>> happen. Users will have no idea what their "keyring master
>> password" is.
> 
> Well, if you forget your user password, and you use root to override
> it, then that will necessarily cause them to go out of sync.
> 
> Normally when changing your user password, it prompts for your old
> password, so that it can use it to decrypt the login keyring, so that
> it can be re-encrypted with the new password after.
> 
> But if you are root, you don't have to enter the old password, thus
> the login keyring cannot be decrypted, thus it cannot be re-encrypted,
> thus the passwords become out of sync.
> 
> I don't believe this is a solvable problem, so don't forget your login
> password ;-)
> 

It's not a solvable problem in the current design, but it's certainly a
solvable problem. You simply encrypt the database key not only with the
user's password, but also with a device/root key.

Marc.
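
The scheme proposed in the reply above, as an added example that is not part of the original message or of any keyring project's code: one random database key is wrapped twice, once under a password-derived key and once under a device key, so a root reset can re-wrap it without the old password. The `Keyring` class, its method names, and the XOR-pad-plus-HMAC wrap (a standard-library stand-in for an AEAD or AES key wrap) are assumptions.

```python
import hashlib
import hmac
import os

def password_kek(password: str, salt: bytes) -> bytes:
    """Stretch the login password into a key-encryption key (KEK)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def subkeys(kek: bytes, nonce: bytes):
    # Separate pad and MAC keys per wrap, derived with HMAC-SHA256 as a PRF.
    return (hmac.new(kek, b"pad" + nonce, hashlib.sha256).digest(),
            hmac.new(kek, b"mac" + nonce, hashlib.sha256).digest())

def wrap(kek: bytes, dbkey: bytes) -> bytes:
    """Stdlib-only stand-in for an AEAD/AES key wrap: XOR pad, then HMAC tag."""
    assert len(dbkey) == 32
    nonce = os.urandom(16)
    pad, mac = subkeys(kek, nonce)
    ct = bytes(a ^ b for a, b in zip(dbkey, pad))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unwrap(kek: bytes, slot: bytes) -> bytes:
    nonce, ct, tag = slot[:16], slot[16:48], slot[48:]
    pad, mac = subkeys(kek, nonce)
    expect = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key for this slot")
    return bytes(a ^ b for a, b in zip(ct, pad))

class Keyring:
    """Hypothetical keyring: one random database key, wrapped in two slots."""
    def __init__(self, password: str, device_key: bytes):
        self.salt = os.urandom(16)
        dbkey = os.urandom(32)  # the key that encrypts the stored secrets
        self.user_slot = wrap(password_kek(password, self.salt), dbkey)
        self.device_slot = wrap(device_key, dbkey)

    def unlock(self, password: str) -> bytes:
        return unwrap(password_kek(password, self.salt), self.user_slot)

    def change_password(self, old: str, new: str) -> None:
        # Normal path: the old password opens the user slot.
        self.user_slot = wrap(password_kek(new, self.salt), self.unlock(old))

    def root_reset(self, device_key: bytes, new: str) -> None:
        # Root path: old password unknown, so open the device slot instead.
        dbkey = unwrap(device_key, self.device_slot)
        self.user_slot = wrap(password_kek(new, self.salt), dbkey)
```

Anyone holding the device key can open the keyring without the user's password, so the device slot is only as strong as the storage protecting that key.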

