<html>
<body>
<div style="font-family: Verdana, Arial, Helvetica, Sans-Serif;">
<table bgcolor="#f9f3c9" width="100%" cellpadding="8" style="border: 1px #c9c399 solid;">
<tr>
<td>
This is an automatically generated e-mail. To reply, visit:
<a href="https://git.reviewboard.kde.org/r/115497/">https://git.reviewboard.kde.org/r/115497/</a>
</td>
</tr>
</table>
<br />
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<p style="margin-top: 0;">On February 5th, 2014, 7:18 p.m. UTC, <b>Michael Pyne</b> wrote:</p>
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<table width="100%" border="0" bgcolor="white" style="border: 1px solid #C0C0C0; border-collapse: collapse; margin: 2px padding: 2px;">
<thead>
<tr>
<th colspan="4" bgcolor="#F0F0F0" style="border-bottom: 1px solid #C0C0C0; font-size: 9pt; padding: 4px 8px; text-align: left;">
<a href="https://git.reviewboard.kde.org/r/115497/diff/1/?file=242022#file242022line635" style="color: black; font-weight: bold; text-decoration: underline;">kwalletd/backend/kwalletbackend.cc</a>
<span style="font-weight: normal;">
(Diff revision 1)
</span>
</th>
</tr>
</thead>
<tbody style="background-color: #e4d9cb; padding: 4px 8px; text-align: center;">
<tr>
<td colspan="4"><pre style="font-size: 8pt; line-height: 140%; margin: 0; ">bool Backend::entryDoesNotExist(const QString& folder, const QString& entry) const {</pre></td>
</tr>
</tbody>
<tbody>
<tr>
<th bgcolor="#b1ebb0" style="border-right: 1px solid #C0C0C0;" align="right"><font size="2"></font></th>
<td bgcolor="#c5ffc4" width="50%"><pre style="font-size: 8pt; line-height: 140%; margin: 0; "></pre></td>
<th bgcolor="#b1ebb0" style="border-left: 1px solid #C0C0C0; border-right: 1px solid #C0C0C0;" align="right"><font size="2">635</font></th>
<td bgcolor="#c5ffc4" width="50%"><pre style="font-size: 8pt; line-height: 140%; margin: 0; "> <span class="n">passwrod2PBKDF2_SHA512</span><span class="p">(</span><span class="n">password</span><span class="p">,</span> <span class="n">_newPassHash</span><span class="p">);</span></pre></td>
</tr>
</tbody>
</table>
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">Seems to be no error checking here, if this fails and we overwrite the hashed passwords on disk, couldn't there be data loss when we try to re-open them (when the user can't guess the key)?</pre>
</blockquote>
<p>On February 6th, 2014, 11:41 a.m. UTC, <b>Àlex Fiestas</b> wrote:</p>
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">Added a runtime check to decide if we shuold swap or not the hashes, also checking it in BlowfishPersistHandler::write.
This will fix the following usecase:
-KWallet uses SHA1 to read
-KWallet uses PBKDF2 to write, but BKDF2 hash is null
For other cases we can't add much fallback since Backend::setPassword returns void, and no other code using it checks for errors in anyway.</pre>
</blockquote>
</blockquote>
<pre style="margin-left: 1em; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">feel free to add a return value to it, if that's needed.</pre>
<br />
<p>- Valentin</p>
<br />
<p>On February 10th, 2014, 5:43 p.m. UTC, Àlex Fiestas wrote:</p>
<table bgcolor="#fefadf" width="100%" cellspacing="0" cellpadding="8" style="background-image: url('https://git.reviewboard.kde.org/static/rb/images/review_request_box_top_bg.ab6f3b1072c9.png'); background-position: left top; background-repeat: repeat-x; border: 1px black solid;">
<tr>
<td>
<div>Review request for KDE Runtime, Teo Mrnjavac and Valentin Rusu.</div>
<div>By Àlex Fiestas.</div>
<p style="color: grey;"><i>Updated Feb. 10, 2014, 5:43 p.m.</i></p>
<div style="margin-top: 1.5em;">
<b style="color: #575012; font-size: 10pt;">Repository: </b>
kde-runtime
</div>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Description </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: 1px solid #b8b5a0">
<tr>
<td>
<pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">Uses the MINOR_VERSION (which until now it was 0) to upgrade the hash from SHA to PBKDF2-SHA512+salt.
I would have loved to completely replace it once the wallet is ported to the new hashing but because
of kwalletd code that is not possible without a bigger rewrite.
There are 2 reasons for this patch:
1-We avoid using our own implementation of SHA
2-We use a modern hashing technique
I'm cooking more patches to use the system user password to open the wallet, we want that password to be
hashed using PBKDF2_SHA512 for security reasons.</pre>
</td>
</tr>
</table>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Diffs</b> </h1>
<ul style="margin-left: 3em; padding-left: 0;">
<li>CMakeLists.txt <span style="color: grey">(275a6c7)</span></li>
<li>cmake/modules/FindLibGcrypt.cmake <span style="color: grey">(PRE-CREATION)</span></li>
<li>kwalletd/backend/CMakeLists.txt <span style="color: grey">(5a5837c)</span></li>
<li>kwalletd/backend/backendpersisthandler.cpp <span style="color: grey">(bdef6ca)</span></li>
<li>kwalletd/backend/kwalletbackend.h <span style="color: grey">(83ebf7f)</span></li>
<li>kwalletd/backend/kwalletbackend.cc <span style="color: grey">(e4d461c)</span></li>
</ul>
<p><a href="https://git.reviewboard.kde.org/r/115497/diff/" style="margin-left: 3em;">View Diff</a></p>
</td>
</tr>
</table>
</div>
</body>
</html>