KPasswordEdit patch (was Re: new widgets...)

Neil Stevens neil at qualityassistant.com
Mon Sep 30 08:55:52 BST 2002


On Sunday September 29, 2002 11:25, Thomas Zander wrote:
> On Sat, Sep 28, 2002 at 07:29:26PM -0700, Neil Stevens wrote:
> > [A]re you also clearing the memory used by X (for input of the
> > password)
>
> I doubt the '*'s will be any use :)

Keystrokes, my man, keystrokes.  When the user inputs the password, he 
doesn't type *****.  X does receive the keystrokes, then sends them to 
your "secure" program.

> > and by your network stream (for output of the
> > password)?
>
> I doubt the encrypted connection will be of any use :)

Make sure to wipe every intermediate.  And are you wiping the data from 
every step of the secure protocol process?

> > If you assume an insecure OS, you lose no matter what your code does. 
> > But if you assume a secure OS, then you don't need to resort to cheap
> > tricks like these.  Either way, it's a waste of time.
>
> Ok, you must have heard this before; but real security is only possible
> if done from the ground up.

Security of what?  There's no such thing as one broad kind of "real 
security."  You have to decide what you're securing yourself against!  
That's why "Security is not optional" is such a worthless statement.

> Your only argument is that there will be other positions that the system
> will be cracked and that it's useless to do security anyway; well that's
> your choice. Please don't limit mine, I believe in the simple principle
> of minimalizing the points of failure.

No, that's not my argument.  My argument is that these steps are 
unnecessary.  In a secure system, these steps do not protect against any 
threats that are possible.  In an insecure system, these steps do not 
protect against any threats.

By your argument, we should change every instance in KDE of

delete ptr;
ptr = 0;

with 

if(ptr)
{
	delete ptr;
	ptr = 0;
}

Because while it's not necessary, it makes sure that the problem of a crash 
isn't on our end.

-- 
Neil Stevens - neil at qualityassistant.com
"I always cheer up immensely if an attack is particularly wounding
because I think, well, if they attack one personally, it means they
have not a single political argument left." - Margaret Thatcher





More information about the kde-core-devel mailing list