gnome-keyring stores your passwords on disk, encrypted with a single passphrase. You make the phrase on creation and re-enter it again later to open the ring. The additional challenge is that nobody should be able to recover the data without also knowing the passphrase. So the datastore itself has to be imbued with mathematical properties related to the passphrase, and the passphrase change (unless you also have the old passphrase).
Fingerprint identification works by doing a fuzzy match of a given scan to a registered print. These fuzzy match algorithms are even subject to export controls (normally). Any given scan will be different, as your fingerprint changes over time. Scars, wounds, warts, orientation, etc. can affect the scan. So the given scan can't be an encryption key, because every scan is different and has far too few stable properties. The registered print likely can't be a key because it's stored on disk and we don't know the format etc. The format itself is encrypted to prevent an attacker from crafting their own fingerprint based on the registered print, so not a lot is known about it.

About the only way this could work is if the fingerprint device itself had a secured datastore, working on the theory that it's much harder to attack the chip itself than a regular storage device. Place the passphrase and a registered fingerprint in the datastore and only release the passphrase when a matching print is offered.

--
Thinkfinger doesn't unlock keyring
https://bugs.launchpad.net/bugs/276384
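The point made in the comment above, that a scan can pass a fuzzy match and still be useless as key material, shown as an added example that is not part of the original comment or of gnome-keyring. PBKDF2 and the HMAC verifier are stand-ins for the keyring's real scheme, the bit-distance matcher is hypothetical, and the byte strings are constructed sample data.

```python
import hashlib
import hmac
import os

def derive_key(secret: bytes, salt: bytes) -> bytes:
    # Stand-in KDF (assumption): any bit change in `secret` changes the whole key.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 50_000)

def create_store(secret: bytes) -> dict:
    # The store holds only a salt and a verifier bound to the secret,
    # never the secret itself.
    salt = os.urandom(16)
    key = derive_key(secret, salt)
    return {"salt": salt,
            "verifier": hmac.new(key, b"keyring-check", "sha256").digest()}

def unlock(store: dict, secret: bytes) -> bool:
    key = derive_key(secret, store["salt"])
    tag = hmac.new(key, b"keyring-check", "sha256").digest()
    return hmac.compare_digest(tag, store["verifier"])

def hamming(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def fuzzy_match(enrolled: bytes, scan: bytes, max_bits: int = 12) -> bool:
    # Hypothetical matcher: accept any scan within a bit-distance threshold.
    return len(enrolled) == len(scan) and hamming(enrolled, scan) <= max_bits

# Constructed sample data: an enrolled "template" and a later scan of the
# same finger that differs from it by two bits.
ENROLLED = bytes(range(32))
RESCAN = bytes([ENROLLED[0] ^ 0x05]) + ENROLLED[1:]

def demo() -> dict:
    pw_store = create_store(b"correct horse")
    fp_store = create_store(ENROLLED)  # what keying on a print would mean
    return {
        "passphrase_unlocks": unlock(pw_store, b"correct horse"),
        "bits_changed": hamming(ENROLLED, RESCAN),
        "rescan_fuzzy_matches": fuzzy_match(ENROLLED, RESCAN),
        "rescan_unlocks": unlock(fp_store, RESCAN),
    }

if __name__ == "__main__":
    print(demo())
```

The re-scan is accepted by the matcher but derives a different key, so the store stays locked; only an exact repeat of the secret opens it.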