Default.keyring too easily accessible?

lw1471 · 2013-09-26 09:12:20

I don't know if this is part of Xfce or distro-specific, or a general Linux file, but I am a bit concerned that /home/username/.local/share/keyrings/Default.keyring has some pretty sensitive data in, in plain view, seeming at odds with the general view of Linux security. It would be of use admittedly only to a rare Linux-literate thief but it still bugs me. Have I missed something? Could/shouldn't this file be locked/encrypted so it can't just be opened, even from a live CD etc? What can be done? Encrypting a whole /home folder seems extreme and like it would be a hassle. (Would it remain encrypted to someone with a live CD?)

Currently trying Xubuntu 13..04 64 bit.

Last edited by lw1471 (2013-09-26 16:15:05)

Jristz · 2013-09-29 04:58:20

aparenytly this is from libgnome-keyring
that is the problem Gnome, if I not instal it none is stored here

ToZ · 2013-09-29 10:12:01

In Xubuntu 13.10 (beta 2), I don't have a Default.keyring file.

toz@xubuntu1310:~/.local/share/keyrings$ ls
login.keyring  user.keystore

Both of those files appear to be encrypted.

lw1471 · 2013-09-30 10:47:05

Yes some people in another forum also say the same thing. I wonder why the file is not encrypted on my machines. I'm going to try to uninstall libgnome-keyring but Chromium seems to gripe (where Firefox doesn't) if Default.keyring is simply deleted. Presumably Chromium can store passwords within its own configuration and / files.

Actually I've looked now and it looks like too much other stuff will be taken with the gnome-keyring items including Banshee and Chromium. I'll see what 13.10 is like otherwise I'm going to move to another Xfce distro.

Xfce Forum

Sub domains

#1 2013-09-26 09:12:20

Default.keyring too easily accessible?

#2 2013-09-29 04:58:20

Re: Default.keyring too easily accessible?

#3 2013-09-29 10:12:01

Re: Default.keyring too easily accessible?

#4 2013-09-30 10:47:05

Re: Default.keyring too easily accessible?

Board footer