Re: [Tails-dev] Shared screen locking solution for live dis…

Delete this message

Reply to this message
Author: Tobias Frei
Date:  
To: tails-dev
Subject: Re: [Tails-dev] Shared screen locking solution for live distributions in Debian
Hi sajolida,

I love this idea and have always been looking for exactly such a
solution. On Tails, I am currently using "xlock" with a custom
administrator password; here on my Ubuntu PC, "xlock" does not even
seem to be an existing package.

It would be awesome for me to have a working screen locking tool
shipped with Tails; preferably one that asks me for the used password
before locking the screen. The icing on the cake might be the
possibility to define a password that will be used for locking if the
computer has not been used for an user-defined amount of seconds.

In my opinion, the password should be stored using a strong hashing
algorithm that may well take some seconds to be calculated - the
legitimate user can afford waiting some seconds after entering the
password to unlock the screen; an attacker should have a hard time
extracting the screen lock password even if the built-in software
security mechanisms are somehow circumvented. But I'm not a security
expert and maybe this would just be an illusion of security without
actual benefits.


Best regards,
Tobias Frei



Am 31.12.2014 um 15:03 schrieb sajolida:
> Hi,
>
> I'm part of the people working on Tails, a live distribution that
> aims at preserving privacy and anonymity: https://tails.boum.org/.
> Tails is currently lacking a screen locker and this has been a
> frequent feature request. See
> https://labs.riseup.net/code/issues/5684.
>
> For example, as Tails is been adopted more and more by
> journalists, they want to be able to leave their computer
> unattended in their office to go to the toilets for a minute and
> have their screen locked.
>
> I'm writing this emails to various Live distributions based on
> Debian (Knoppix, Grml, Jondo, Kali, Debian Live, and Tanglu). I'm
> also putting Micah Lee in copy as he has shown particular interest
> in this feature.
>
> I've been investigating the screen locking mechanism of those
> various Debian based live distributions, and I found out that none
> of them had a real mechanism to do so. They either:
>
> - Do not provide any screen locking mechanism (Knoppix, Grml, Jondo
> Live). - Either rely on their default password to unlock the screen
> (Kali, Tanglu, Debian Live).
>
> The purpose of this email is to know whether you would be
> interested in working on a common Debian package to provide a
> generic screen locking solution for Debian based live
> distributions.
>
> The core usability issue that we are facing here is the one of the
> unlocking password. As we are live distributions, there either is
> no password or a default one. Still, screen locking only make sense
> if the user is able to use a custom password. As an interesting
> exception, note that in Jondo Live, the user is prompted for a user
> password on boot. In Tails the user can set up an administration
> password but this is disabled by default for security reasons so we
> cannot rely on this for screen locking.
>
> During our last monthly meeting we came up with the idea of asking
> for a custom password *in the process of locking the screen* for
> the first time. For example, in GNOME, when doing Meta+L for the
> first time, the user would be prompted to enter a screen locking
> password, then only the screen would get locked. If she locks the
> screen again, the same password would be reused.
>
> What do you think? Please answer to tails-dev@??? and feel
> free to subscribe to the list to follow the thread:
>
> https://mailman.boum.org/listinfo/tails-dev/
>