Fwd: KWallet weaknesses (was: [PATCH] Make pinentry-qt read and store passphrases in KDE 3.2's wallet)

Martijn Klingens klingens at kde.org
Fri Dec 5 18:59:05 GMT 2003


On Friday 05 December 2003 17:15, Dirk Mueller wrote:
> As far as I know, KWallet *does* have an initialisation vector for each
> folder.

Yes, that's explained in George's slides to which I sent a link to Werner. See 
my forwarded mail for his follow-up.

> It is described in George's slides which he presented at N7y. We also
> refined the storage protocol during this session a bit. I agree it might be
> better to put that along the source code in CVS.

I sent this link to Werner. Again, see the other mail for his response.

> I tried to talk George into providing different access levels, or passwords
> for each kwallet folder (a folder for webaccounts, a folder for mail
> accounts and a folder for private data like your credit card number or
> similar), but for some reason we decided against this. Can't actually
> remember anymore why.

It would also be nice to have some kind of ACL to restrict the wallet access 
for certain apps to certain folders in the wallet, or to automagically link a 
wallet to an app without having to add specific application support.

That way I could do with 3 wallets, one with everyday passwords (the 
throwaways for web and kopete), one with my private-but-sensitive passes (gpg 
and ssh passphrases, kdesu passes) and one with my work passes. The 
respective wallets can then remain closed until first used and even have 
different paranoia and security settings, and I would never have to enter 
more than three different passwords during a KDE session.

-- 
Martijn



