6

In general, people warn against disabling the password for unlocking the keyring ("The login keyring did not get unlocked when you logged into your computer", "How can I stop being prompted to unlock the 'default' keyring on boot?"), which avoids the unlock keyring prompt when using auto-login without a password.

However, I feel like the security concerns are not relevant when encrypting the drive via LUKS. I only use auto-login because I need to "login" via LUKS anyway and feel like that provides enough safety. But given the adamant advice read in the other posts, I am wondering whether I am missing something.

Is there any status where it can become relevant again that we permanently unlocked the keyring after the login? I am thinking maybe when we log out this becomes an issue, but then again if you log out, you can't log in via auto-login. So both cases (auto-login + LUKS, regular login) behave the same again, because you need to enter your password to log in, which would result in unlocking the keyring anyway.

Maybe I am unable to come up with a real issue, because there is no real issue when using LUKS with auto-login and an unlocked keyring.

Natan
  • 1,059

1 Answer

4

Passwords in Plain Text

When you say "permanently unlock the keyring", you mean storing all the passwords in the default keyring in plain text. This means if one can grab the password file they can get all the passwords.

LUKS is security at rest

What I mean is, disk encryption protects your data only when your computer is off! If your computer is running then you have already entered the LUKS passphrase.

Two Possible Threats

Suppose you are online and click a malware link by mistake that gives a bad guy remote access to your computer. He can copy the keyring file from you and steal all your passwords as they are stored in plain text.

Here is another one: If you leave your computer unattended and go get a cup of coffee, someone with a USB drive can copy the keyring password file.

Hope this helps

user68186
  • 37,461
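An added example (not part of the answer above): a read-only audit that reports whether each keyring file is stored encrypted or as plain text, which is the distinction the answer turns on. It assumes GNOME Keyring's default directory `~/.local/share/keyrings` and its two on-disk headers (the binary magic string and the `[keyring]` text keyfile); the sample files are constructed and it never prints stored secrets.

```python
import os
import stat
import tempfile
from pathlib import Path

# Assumption: magic bytes at the start of a password-encrypted gnome-keyring file.
ENCRYPTED_MAGIC = b"GnomeKeyring\n\r\0\n"
# Assumption: a keyring saved with an empty password is written as a text keyfile.
PLAINTEXT_MARKER = b"[keyring]"


def classify_keyring(path):
    """Return 'encrypted', 'plaintext' or 'unknown' from the file header only."""
    with open(path, "rb") as fh:
        head = fh.read(64)
    if head.startswith(ENCRYPTED_MAGIC):
        return "encrypted"
    if head.lstrip().startswith(PLAINTEXT_MARKER):
        return "plaintext"
    return "unknown"


def audit_keyrings(directory):
    """Map each *.keyring file to (storage format, readable by group/other)."""
    report = {}
    for path in sorted(Path(directory).glob("*.keyring")):
        mode = stat.S_IMODE(path.stat().st_mode)
        exposed = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
        report[path.name] = (classify_keyring(path), exposed)
    return report


def make_sample_dir():
    """Constructed sample files (not real keyrings) so the check runs offline."""
    d = Path(tempfile.mkdtemp())
    (d / "login.keyring").write_bytes(ENCRYPTED_MAGIC + b"\x00" * 32)
    (d / "default.keyring").write_bytes(
        b"[keyring]\ndisplay-name=Default\n\n[1]\nsecret=CONSTRUCTED-EXAMPLE\n")
    os.chmod(d / "login.keyring", 0o600)
    os.chmod(d / "default.keyring", 0o644)
    return d


if __name__ == "__main__":
    real = Path.home() / ".local/share/keyrings"
    target = real if real.is_dir() else make_sample_dir()
    for name, (fmt, exposed) in audit_keyrings(target).items():
        print(f"{name}: {fmt}, readable by other users: {exposed}")
```

A `plaintext` result with mode 0600 is still exposed to both threats in the answer, because malware in the session and a person at the unlocked desktop both act as the logged-in user.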