Fwd: KWallet weaknesses (was: [PATCH] Make pinentry-qt read and store passphrases in KDE 3.2's wallet)

Ingo Klöcker kloecker at kde.org
Thu Dec 4 22:21:19 GMT 2003


the following is a short comment from Werner Koch (author of GnuPG) on 
KWallet. A flaw in KWallet is much more serious than a flaw in any 
other KDE program. So we really have to make extra sure that there's no 
flaw in KWallet's crypto code that could cause the data it's supposed 
to protect to be compromised.

----------  Forwarded Message  ----------

Subject: KWallet weaknesses (was: [PATCH] Make pinentry-qt read and 
store passphrases in KDE 3.2's wallet)
Date: Thursday 04 December 2003 16:19
From: Werner Koch <wk at gnupg.org>
To: gpa-dev at gnupg.org

On Thu, 4 Dec 2003 11:50:18 +0100, Ingo Klöcker said:
> BTW, AFAIK KWallet hasn't been audited by anyone (except George). Or
> has it?

I just browsed over it and figured some of the usual crypto beginner's

 * No intialization vector used in CBC mode -> FATAL problem.

 * Passphrase to key conversion is not one of the standards like
   pkcs#5 or the OpenPGK S2K method.  Instead a simple brute force
   thing is tried by repeating the hashing the hash 2000 times.  I
   also found no salt!

 * The protocol used is not decribed.

 * The plaintext files seems to be filled with random during
   initalization.  I can't see a reason for this.  This won't replace
   an IV.

I may have not grasped everything in the code and thus I better
apologize in advance.  Having said this, the bottom line is that using
Kwallet as it stands now seems to be a major security problem.  It
might be wise to tell George to read Peter Gutmann's recent papers on
the deficiencies of various VPN protocols.


Werner Koch                                      <wk at gnupg.org>
The GnuPG Experts                                http://g10code.com
Free Software Foundation Europe                  http://fsfeurope.org

Gpa-dev mailing list
Gpa-dev at gnupg.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20031204/0bf404b3/attachment.sig>

More information about the kde-core-devel mailing list