Security in seahorse
















Being quite a new user (Mint 18.1), I'm a bit abashed by the behaviour between seahorse and the applications that request a password from the wallet. In my case, the ownCloud client asks to store my oC credentials to seahorse so technically I can't auto-start oC without the category in which it is stored ("default") to be unlocked. But once it's unlocked, anyone can have access to the password by ticking "show the password".



Shouldn't "Show the password" require a sudo password? This sounds quite basic to me.



Thanks










      security password







      asked Feb 7 '17 at 19:54









      jfk





















          1 Answer
          The whole point of a password wallet is that applications can retrieve passwords from the wallet and send them to the service that requires the password. The wallet is stored encrypted, your login password is used to decrypt it when you log in.



          Seahorse isn't the wallet application, it's an application that allows you to browse and edit your wallet. It has the same access permissions as any other program you run.



          It is not true that “anyone can have access to the password”. Only a program running on your account can access the password. Any program you run on your account is effectively you — it's acting on your behalf.



          “Show the password” is exactly the same operation as “retrieve the password to use it to log in somewhere”. This doesn't require root access. Root access is about doing things that affect all users of the machine, such as configuring hardware or installed software. Your passwords are yours only, and typing your password when you log in or when you unlock your screen shows to the computer that you are you.



          There are protocols that allow “locking up” a password inside a secure environment, such that the password can never be extracted from it (except with higher privileges, possibly only through physical attacks), the secure environment only allows using that password as part of a login attempt and what comes out of the secure environment is a one-time token derived from the password that a remote service can verify. Such protocols are not very common, and where they're implemented (e.g. OAuth), the secure environment is usually a third-party cloud service.



          Your question sounds like you're used to the security model of mobile operating systems such as iOS and Android. Those systems have a peculiar security model where they isolate applications from each other. Desktop OSes such as Linux and Windows don't do that, they only isolate users from each other. Furthermore those systems have a very peculiar security model where the user does not have full control of the software running on the device, even though they legally own the hardware, unless the device has been “jailbroken” (“rooted”). With a desktop system, your computer is yours, you aren't restricted from accessing the data on it. Your passwords are your data, so you can access them, and which application you use to do this is entirely your business.

















          answered Feb 8 '17 at 1:07









          Gilles













          • Thank you for your answer and your clarification. Indeed seahorse is an editor of the wallet, sorry for the imprecision. However, I disagree with you on the safety of the principle. When I said "anyone can have access to the password" I meant "anyone who would accidentally use my session could have access to those sensitive data". To me there is some kind of breach here. (see below...)

            – jfk
            Feb 8 '17 at 8:36












          • In any case, I solved the issue by entering no password to access the wallet and deleting seahorse. That way, if the above-mentioned situation were to occur, the user would have to download an editor in order to access those credentials, and this requires providing a sudo password for installation. Could you confirm that it is not possible to access the wallet without a sudo command? Thank you very much

            – jfk
            Feb 8 '17 at 8:36












          • @jfk Deleting seahorse does not change the security of the system in any way. If someone has access to your session, they could just download it, or they could use any other program that accesses the wallet. Using sudo is only necessary to affect the system as a whole, for example to install a program for all users. You could install seahorse or any other program on your account, sudo is not needed for that, it's just more convenient to use the package manager.

            – Gilles
            Feb 8 '17 at 11:59











          • @jfk I must warn you that you clearly do not understand the security of your system. I strongly recommend that you do not try to improve it: what you do is very likely to make it worse. Furthermore, I recommend that you actually read my answer. In your comments, you're asking me to “confirm” things where I explained the exact opposite in my answer.

            – Gilles
            Feb 8 '17 at 12:00











          • Thanks Gilles, the debate is very useful to me. If you don't mind, I'd like to be sure that I've understood what you explained. My Linux partition is encrypted and I'm the only user. To avoid entering twice a password, I auto-log. So having the wallet stored unencrypted didn't appear as an issue to me since that configuration mirrors the role of the classical login and its relationship to the wallet you described. In both cases we have a session open with an unencrypted wallet. The only difference is that for my configuration to be hacked it requires a much more experienced user, whereas

            – jfk
            Feb 8 '17 at 20:32
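
The answer's paragraph on "locking up" a password so that only one-time tokens leave the secure environment, shown as an added Python example that is not part of the original answer or of any keyring project. It uses an HMAC challenge-response rather than OAuth, and the class names, `cloud.example`, the salt and the sample password are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch the password into a key; the plain password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _token(key: bytes, service: str, nonce: bytes) -> bytes:
    # The token is bound to one service name and one nonce.
    return hmac.new(key, service.encode() + b"\x00" + nonce, hashlib.sha256).digest()


class SecureEnvironment:
    """Hypothetical stand-in for the isolated component.

    Its interface has no operation that returns the secret, only one that
    answers a login challenge. Python itself enforces nothing here: real
    isolation comes from a separate process, device or remote service.
    """

    def __init__(self, password: str, salt: bytes):
        self._key = derive_key(password, salt)

    def answer_challenge(self, service: str, nonce: bytes) -> bytes:
        return _token(self._key, service, nonce)


class RemoteService:
    """Hypothetical verifier: issues single-use nonces and checks tokens."""

    def __init__(self, name: str, password: str, salt: bytes, nonce_ttl: float = 30.0):
        self.name = name
        # Assumption of this example: the service keeps the derived key
        # obtained at enrolment, not the password.
        self._key = derive_key(password, salt)
        self._ttl = nonce_ttl
        self._pending = {}  # nonce -> expiry time

    def new_challenge(self, now=None) -> bytes:
        now = time.monotonic() if now is None else now
        nonce = secrets.token_bytes(16)
        self._pending[nonce] = now + self._ttl
        return nonce

    def verify(self, nonce: bytes, token: bytes, now=None) -> bool:
        now = time.monotonic() if now is None else now
        expiry = self._pending.pop(nonce, None)  # a nonce is accepted once
        if expiry is None or now > expiry:
            return False
        expected = _token(self._key, self.name, nonce)
        return hmac.compare_digest(expected, token)


def demo() -> dict:
    """Run one login, a replay of the same token, and an expired challenge."""
    salt = b"constructed-salt"
    service = RemoteService("cloud.example", "constructed-password", salt)
    env = SecureEnvironment("constructed-password", salt)

    nonce = service.new_challenge(now=0.0)
    token = env.answer_challenge("cloud.example", nonce)
    first = service.verify(nonce, token, now=1.0)
    replay = service.verify(nonce, token, now=2.0)

    late_nonce = service.new_challenge(now=0.0)
    late_token = env.answer_challenge("cloud.example", late_nonce)
    expired = service.verify(late_nonce, late_token, now=100.0)

    return {"first": first, "replay": replay, "expired": expired}


if __name__ == "__main__":
    print(demo())
```

A captured token is useless for a second login, which is the property a wallet that hands the password itself to the client program cannot offer.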


















          • Thank you for your answer and your clarification. Indeed seahorse is an editor of the wallet, sorry for the imprecision. However, I disagree with you on the safety of the principle. When I said "anyone can have access to the password' I meant "anyone who would accidentally use my session could have access to those sensitive data". To me there is some kind of breach here. (see below...)

            – jfk
            Feb 8 '17 at 8:36












          • In any case, I solved the issue by entering no password to access the wallet and delete seahorse. That way if the situation above-mentionned would occur, the user would have to download an editor in order to access those credentials and this require to provide a sudo password for installation. Could you confirm that it is not possible to access the wallet without a sudo command? Thank you very much

            – jfk
            Feb 8 '17 at 8:36












          • @jfk Deleting seahorse does not change the security of the system in any way. If someone has access to your session, they could just download it, or they could use any other program that accesses the wallet. Using sudo is only necessary to affect the system as a whole, for example to install a program for all users. You could install seahorse or any other program on your account, sudo is not needed for that, it's just more convenient to use the package manager.

            – Gilles
            Feb 8 '17 at 11:59











          • @jfk I must warn you that you clearly do not understand the security of your system. I strongly recommend that you do not try to improve it: what you do is very likely to make it worse. Furthermore, I recommend that you actually read my answer. In your comments, you're asking me to “confirm” things where I explained the exact opposite in my answer.

            – Gilles
            Feb 8 '17 at 12:00











          • Thanks Gilles, the debate is very useful to me. If you don't mind, I'd like to be sure that I've understood what you explained. My Linux partition is encrypted and I'm the only user. To avoid entering twice a password, I auto-log. So having the wallet stored unencrypted didn't appear as an issue to me since that configuration mirrors the role of the classical login and its relationship to the wallet you described. In both cases we have a session open with an unencrypted wallet. The only difference is that for my configuration to be hacked it requires a much more experienced user, whereas

            – jfk
            Feb 8 '17 at 20:32

















          Thank you for your answer and your clarification. Indeed seahorse is an editor of the wallet, sorry for the imprecision. However, I disagree with you on the safety of the principle. When I said "anyone can have access to the password' I meant "anyone who would accidentally use my session could have access to those sensitive data". To me there is some kind of breach here. (see below...)

          – jfk
          Feb 8 '17 at 8:36






          Thank you for your answer and your clarification. Indeed seahorse is an editor of the wallet, sorry for the imprecision. However, I disagree with you on the safety of the principle. When I said "anyone can have access to the password' I meant "anyone who would accidentally use my session could have access to those sensitive data". To me there is some kind of breach here. (see below...)

          – jfk
          Feb 8 '17 at 8:36














          In any case, I solved the issue by entering no password to access the wallet and delete seahorse. That way if the situation above-mentionned would occur, the user would have to download an editor in order to access those credentials and this require to provide a sudo password for installation. Could you confirm that it is not possible to access the wallet without a sudo command? Thank you very much

          – jfk
          Feb 8 '17 at 8:36






          @jfk Deleting seahorse does not change the security of the system in any way. If someone has access to your session, they could just download it, or they could use any other program that accesses the wallet. Using sudo is only necessary to affect the system as a whole, for example to install a program for all users. You could install seahorse or any other program on your account, sudo is not needed for that, it's just more convenient to use the package manager.

          – Gilles
          Feb 8 '17 at 11:59





          @jfk I must warn you that you clearly do not understand the security of your system. I strongly recommend that you do not try to improve it: what you do is very likely to make it worse. Furthermore, I recommend that you actually read my answer. In your comments, you're asking me to “confirm” things where I explained the exact opposite in my answer.

          – Gilles
          Feb 8 '17 at 12:00




