Lock keyring on sleep?

I got a comment mentioning it was a bad idea to lock the GNOME keyring on suspend and hibernate.

In 2-18 there was code added to unconditionally lock the keyring when we sleep, for security. This has the unfortunate side-effect of NetworkManager asking you for your WEP password when you resume (and probably disconnecting any network shares mounted over gnome-vfs).
I'm going to add a gconf variable in trunk, and possibly a configure option for 2-18 (as I agree it's annoying), but what should the default be? Is there any possible attack vector for not locking gnome-keyring?
Should this be in the UI? Users shouldn't really be touching gconf-editor…

Thanks for any help.

Published by


Richard has over 10 years of experience developing open source software. He is the maintainer of GNOME Software, PackageKit, GNOME Packagekit, GNOME Power Manager, GNOME Color Manager, colord, and UPower and also contributes to many other projects and opensource standards. Richard has three main areas of interest on the free desktop, color management, package management, and power management. Richard graduated a few years ago from the University of Surrey with a Masters in Electronics Engineering. He now works for Red Hat in the desktop group, and also manages a company selling open source calibration equipment. Richard's outside interests include taking photos and eating good food.

One thought on “Lock keyring on sleep?”

  1. Is there any way gnome-keyring could be integrated with GDM and gnome-screensaver? The ideal case would be that logging into GDM or gnome-screensaver automatically will try to unlock your keyring using your login password. I don't see a lot of reason to have separate login and keyring passwords for the vast majority of users, and I personally just always use the same password for both.

Comments are closed.