Re: [redsocks] integration with gnome-keyring
- Anando Gopal Chatterjee
- 2013-03-27 @ 03:58
> On Wed, Mar 20, 2013 at 7:29 PM, Anando Gopal Chatterjee
> <firstname.lastname@example.org> wrote:
>> Is it possible to take login username and password directly from a
>> keyring such as 'seahorse'?
>> It is very insecure to keep username and password in a text-file (the
>> configuration file of redsocks) in a public computer.
>> But if kept in a keyring then all can use it securely.
> Why is it more secure? What attack does it prevent and is this attack
> really relevant to your case? Keyring is not magic powder making
> things secure.
> For socks4, socks5 and http-basic authorization you have to know
> plain-text of the password, so it...
> 1) has to be stored somehow in plain-text (probably, encrypted)
> 2) has to be processed in plain-text for every new connection (so, it
> has to be stored in plain-text at least in RAM)
> 3) is passed through network in plain-text for socks5, and http with
> basic authorization scheme
> Also, you often need root access to run redsocks, so it's not ordinary
> "public computer", it's public computer with root access for everyone.
> It usually means, that you can't trust it, doesn't it? :)
> WBRBW, Leonid Evdokimov
> xmpp:email@example.com && http://darkk.net.ru
> tel:+79816800702 && tel:+79050965222
If the password is stored in some configuration file like
'/etc/redsocks.conf' then everybody will be able to see the password very
easily. Then maybe this can be done:
1) we store an encrypted password.
2) whenever we run redsocks the password will be unencrypted and the
configuration file will be made.
3) run the redsocks
4) delete the configuration file.
3) run the redsocks
4) delete the configuration file.
Then it will be a bit difficult to see the password.
Anando Gopal Chatterjee
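
The four steps proposed above, as an added example that is not part of the original thread or of redsocks: the config is written to an owner-only temporary file and removed once the command exits. It assumes the decrypted password is supplied on stdin by a decryptor of your choice; the proxy address, ports and login are constructed sample values. As the quoted reply points out, the password is still held in plain text in memory and sent in plain text on the wire.

```sh
#!/bin/sh
# Added example: store encrypted, decrypt at start, write config, run, delete.
# The decrypted password arrives on stdin, e.g. (hypothetical file name):
#   gpg --decrypt redsocks.pass.gpg | run_with_secret_conf myuser redsocks -c

# render_conf LOGIN: read one password line from stdin, print a redsocks config.
# Assumption: the password contains no double quote or backslash.
render_conf() {
    login=$1
    IFS= read -r password || [ -n "$password" ] || return 1
    cat <<EOF
base {
    log = stderr;
    daemon = off;
    redirector = iptables;
}
redsocks {
    local_ip = 127.0.0.1;
    local_port = 12345;
    // constructed sample proxy address and port
    ip = 192.0.2.10;
    port = 1080;
    type = socks5;
    login = "$login";
    password = "$password";
}
EOF
    unset password
}

# run_with_secret_conf LOGIN CMD...: steps 2-4 of the proposal.
# CMD is called with the config path appended as its last argument and
# must stay in the foreground (daemon = off), so deletion follows its exit.
run_with_secret_conf() {
    login=$1
    shift
    # mktemp creates the file with mode 0600, so other users cannot read it
    conf=$(mktemp "${TMPDIR:-/tmp}/redsocks.XXXXXX") || return 1
    render_conf "$login" > "$conf" || { rm -f "$conf"; return 1; }
    status=0
    "$@" "$conf" || status=$?      # step 3: run redsocks (or any command)
    rm -f "$conf"                  # step 4: delete the configuration file
    return "$status"
}
```
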