| View previous topic :: View next topic |
| Author |
Message |
trikmik
n00b
Joined: 06 Nov 2017
Posts: 62
|
 Posted: Sat Dec 02, 2017 11:59 am Post subject: Gnome keyring network sniffer |
 |
|
With man in the middle, attacker can sniff login credentials,
i heard that when pressing login details then press Enter it sends a post message over the netwok. even ssl can be dycrypted,
Question: what happens if the gnome keyring generates output that can be dycrypted when sniffing?
Should i use gnome keyring?
It seems that it can not be dycrypted that easy.
I Will test later Today if gnome-keyring generates web traffic |
|
| Back to top |
|
 |
eccerr0r
Watchman
Joined: 01 Jul 2004
Posts: 9677
Location: almost Mile High in the USA
|
| Posted: Sat Dec 02, 2017 6:02 pm Post subject: |
|
|
Gnome-keyring uses dbus.
While dbus can be sniffed when you're root, you got other problems. However, it should not pass authentication data over the network.
It's up to you whether you use these password saving program as they necessarily need to save this stuff on your hard drive, encrypted (I believe it's encrypted with your login password, so if your login password gets compromised, your passwords as well.)
I don't use it, and I end up forgetting passwords...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
| Back to top |
|
|
trikmik
n00b
Joined: 06 Nov 2017
Posts: 62
|
| Posted: Sat Dec 02, 2017 6:27 pm Post subject: |
|
|
| (gnome-keyring) login credentials are not sniff-able(unless as root)? then there is nothing to worry about. |
|
| Back to top |
|
|
eccerr0r
Watchman
Joined: 01 Jul 2004
Posts: 9677
Location: almost Mile High in the USA
|
| Posted: Sat Dec 02, 2017 7:05 pm Post subject: |
|
|
If you're paranoid, don't save passwords - that's my policy. gnome-keyring just saves passwords for you, I just don't want the passwords on my hard drives.
What specific sniffing are you're worried about, the password still needs to be sent to whatever program you're using be it sshd or whatever...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
| Back to top |
|
|
dmpogo
Advocate
Joined: 02 Sep 2004
Posts: 3267
Location: Canada
|
| Posted: Sun Dec 03, 2017 1:03 am Post subject: |
|
|
| eccerr0r wrote: | Gnome-keyring uses dbus.
While dbus can be sniffed when you're root, you got other problems. However, it should not pass authentication data over the network.
It's up to you whether you use these password saving program as they necessarily need to save this stuff on your hard drive, encrypted (I believe it's encrypted with your login password, so if your login password gets compromised, your passwords as well.)
I don't use it, and I end up forgetting passwords... |
Well, now skype is compiled with libsecret, and somehow libsecret forces installation of gnome-keyring, so you need to jump through the hoops in order not to have this infrastructure on your machine ... |
|
| Back to top |
|
|
dmpogo
Advocate
Joined: 02 Sep 2004
Posts: 3267
Location: Canada
|
| Posted: Sun Dec 03, 2017 1:05 am Post subject: |
|
|
| Honestly, my first sniffing worry would be crossing US border, where agents can force you to give up your laptop password and, I presume, password from your keyring |
|
| Back to top |
|
|
eccerr0r
Watchman
Joined: 01 Jul 2004
Posts: 9677
Location: almost Mile High in the USA
|
| Posted: Sun Dec 03, 2017 1:13 am Post subject: |
|
|
Yes, hence, have to keep passwords inside of gray matter.
Not sure what else to say about closed source software...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
| Back to top |
|
|
|
Desktop Environments
