Passphrase management does not seem like a particularly hard problem. Users shouldn't need to have more than one password: the one which unlocks their password storage system. (In my case, that password decrypts my hard drive, and everything else follows from that.)
Posted Oct 28, 2011 13:38 UTC (Fri) by nybble41 (subscriber, #55106)
That works securely only if the password storage system itself is secure (e.g., does not run in the same account as the user's other programs) and the user is at least alerted (securely) when a program accesses the stored credentials. Otherwise any unprivileged local exploit would grant free access to all your passwords. Full-disk encryption, by itself, meets the first requirement, but not the second--once the disk is unlocked anything running in your account can read the password list.