-1

Seahorse is a keyring and password manager. So when we connect to Facebook from Chrome, and we choose to save that password, it is then stored in seahorse.

The problem that I am facing is: when opening the seahorse application, we can see all the passwords in plain text!

This means that if a friend asks me to use my laptop for a minute, he can see all my passwords easily!!

I know that even if this didn't exist, he could also go to the web browser where I saved my Facebook password, go to Facebook and modify the source code of the html webpage to see my password. But with seahorse, he can see all my passwords in a few seconds !!

Can anyone explain to me where am I wrong? Linux distributions are supposed to be super secure, so why did they choose such an approach to store passwords?

PS: I am not looking for answers that say "just don't share your laptop" or "just don't keep your laptop alone". I know that this is a solution, but we are human beings. We will do mistakes like letting our laptop alone to go to the toilet or something like this. In that time (even if it is small) anyone near my laptop can see all my passwords.

schroeder
  • 125,553
  • 55
  • 289
  • 326
Sidahmed
  • 669
  • 2
  • 10
  • 27
  • I am not looking for the con and pro of password manager. The major issue here is that the passwords are available in plaintext in seahorse. That really scares me. – Sidahmed Nov 18 '16 at 11:56
  • 1
    I believe that you can't "modify the source code of [facebook] to see your password." The password isn't stored there. – J Kimball Nov 18 '16 at 12:29
  • You can change the webpage (html) source code, to see the password in the password field. – Sidahmed Nov 18 '16 at 12:31
  • 1
    @Sidahmed The "web" doesn't work that way. However, your friend could use the password manager build-in the browser to see your passwords. The solution to your problem is to make your friend use another account. One account = one user, on Linux or Windows. If you give your accesses to other, yes they can use those accesses. Just lock your screen when you go away from you computer. – A. Hersean Nov 18 '16 at 12:49
  • ...but don't rely on it. Locking screens is better than nothing, but still not much more than nothing. – deviantfan Nov 18 '16 at 12:51
  • 2
    the passwords are available in plaintext in Chrome too if you save them to Chrome ... – schroeder Nov 18 '16 at 17:39

3 Answers3

12

I know that even if this didn't exist, he could also go to some web browser, go to facebook.com and modify the source code of the webpage to see my password.

No. You know wrong.

This means that if a friend asks me to use my laptop for a minute, he can see all my passwords that easily ??!!

In your situation, apparently yes. Because...

The linux distributions are supposed to be super secure, so why did they choose such an approach to store passwords ??

They didn't, you did. Linux can only be as secure as it's administrating user allows.
Seahorse is based on the Gnome Keyring, which asks you to set a password during first use. Instead, you could also use an USB token. Or you could even refuse to set a password, which seems to be what you did.

If set, the passwort is necessary to access the other passwords and related convenience features in Seahore. Without password, or after entering it, well... of course you have access. If you give your computer away in this state, what should Linux do exactly, other that what it is doing now? Requiring passwords again to access saved FB login data is exactly what Seahorse should not do. Maybe they could require some more clicks to see the password, but it doesn't really change anything.

And it doesn't even matter. Your "friend" (apparently you don't trust him) could also open a site where you're logged in, not needing any login data or Seahorese at all, and change mail address and password to something only he knows (without doing anything with the website source). Or he could give you some malware by plugging in a USB device for about 3 seconds. Or...

PS : I am not looking for kind of answers that says "just don't share your laptop" or "just don't keep your laptop alone". I know that this is a solution, but we are human beings. We will do mistakes like letting our laptop alone to go to the toilet or something like this.

I'm fully serious: If your accounts and data are important, then just don't make such mistakes. Being careful is completely possible. To start with, getting physical access during your toilet break usually is game over, independent of your passwords.

deviantfan
  • 3,854
  • 21
  • 22
  • Comments are not for extended discussion; this conversation has been [moved to chat](http://chat.stackexchange.com/rooms/48799/discussion-on-answer-by-deviantfan-isnt-seahorse-a-big-security-problem). – Rory Alsop Nov 19 '16 at 20:53
  • There is the rationale why *Seahorse* does show passwords without any further password prompt: "Since the contents of any unlocked keyrings are available to programs you may be running, and Passwords and Keys (i.e. *Seahorse*) does not seek to give a false sense of security, the contents of unlocked keyrings are able to be viewed without entering the password." https://help.gnome.org/users/seahorse/stable/passwords-view.html.en – doak Jan 02 '20 at 14:11
1

They seem to acknowledge your concerns, but you may not be using it right.

"From that one main pane, expand the keyring entry to list out all of the various passwords that are stored. This may, at first, seem like a glaring security issue in and of itself, since no password has been entered to reach this point. Fear not, this keyring can be (and should be) locked and unlocked." https://www.linux.com/learn/manage-passwords-encryption-keys-and-more-seahorse

The article then goes onto explain proper usage.

Here is an answer directly addressing the "plaintext" questions: https://superuser.com/questions/969484/what-is-gnome-keyring-seahorse-and-why-its-storing-my-passwords-in-plaintext

J Kimball
  • 2,137
  • 1
  • 13
  • 19
0

Google Chrome on Windows forces you to re-enter your Windows password to view a password, like this:

enter image description here

It didn't always work this way, and some people object to the current behaviour. As you point out in your question, if you give your unlocked laptop to a "friend" who is skilled and devious, they can still extract your passwords. Those against it argue that the popup is security theatre - it creates the illusion of security while in truth it can easily be bypassed. The alternate viewpoint, that you also point out, is that in reality people do allow others to use their computer, so having this basic security measure is still useful. So there's no clear right or wrong approach here.

The best solution is for you to create a guest user on your system, and if someone wants to use your computer, give them that user. Short of that, you can lock your password store before giving it to them. You then need to re-enter your login password to access the store:

enter image description here


Your question has received a number of negative responses, which I feel are undeserved. It's particularly frustrating to see you being attacked for what you said about extracting the Facebook password, which not only was a side point, but is in fact entirely correct. If it's any consolation, the community can be very fickle. Maybe next week you'll post a similar question and it will end up on +72.

paj28
  • 32,906
  • 8
  • 93
  • 130
  • How does this answer the question? And about the "entirely correct" facebook statement: I'm viewing security.stackexchange.com now, and I have Firebug. Please tell me where in Firebug I have to look to find my password (on this site, not during login). – deviantfan Nov 18 '16 at 23:24
  • And the negative responses *could be* because OP don't know enough to understand a direct answer at all, blaming Linux for being unable to recognize toilet breaks, etc. – deviantfan Nov 18 '16 at 23:26
  • I'm not sure this answers the question either. Put aside the Facebook comment, and as the OP suggests, put aside the friend narrative. The OP decrypts a key/password store, then wonders why the data is in plaintext. Is a decrypted asset in plaintext a security failure? That appears to be the question. – schroeder Nov 19 '16 at 08:42
  • 1
    @deviantfan - In OP's scenario you can use a technique like [this](http://lifehacker.com/5946529/easily-reveal-hidden-passwords-in-any-browser) – paj28 Nov 19 '16 at 09:15
  • 1
    @schroeder - He is asking about the display of passwords, not them existing in memory. Specifically he says "we can see all the passwords in plain text". My answer addresses that precisely. – paj28 Nov 19 '16 at 09:16
  • @paj28 I'm aware that he's talking about the display of passwords (I never mentioned in-memory access) and whether that's a security fault. You do not appear to address that. – schroeder Nov 19 '16 at 18:13
  • @schroeder - I addressed it by: describing best practice (Chrome on Windows), discussing the limitations of that, and by providing practical advice (which addresses OP's underlying question). This is all in the answer - not sure why I need to spell it out for you? – paj28 Nov 19 '16 at 18:26
  • @paj28 "spelling it all out" is kinda the whole point of an answer. My point here is that it isn't quite known what the underlying question is, but the question, as asked, is not addressed in your answer. That's all. The *one* part of your answer that seems to be helpful is the "lock" part, but I'm not clear if that's a screenshot of Seahorse, or not. – schroeder Nov 19 '16 at 19:08