Fwd: KWallet weaknesses (was: [PATCH] Make pinentry-qt read and store passphrases in KDE 3.2's wallet)

[Dirk Mueller]

On Saturday 06 December 2003 00:52, Ingo Klöcker wrote:

> As usual, that depends on the threat model. So against which threats
> does the wallet protect the user's data? It protects the data against
> people who have access to the user's data but who can't install a
> trojan to get the data. The most common case is the theft of a laptop.
> In this case the wallet isn't unlocked and therefore the attacker will
> have to attempt an dictionary attack (and if this fails a brute force
> attack) on the wallet.

Parts of the unlocked wallet can be found in the swap partition, unless you 
use encrypted swap (which is unfortunately not very popular yet).

> The problem is that people won't just store unimportant data in the
> wallet. No, they will also store highly sensitive passwords in the
> wallet. Why? Because they don't know better.

I think the 1-password-for-n passwords is quite easy to swallow. much easier 
than the readable-for-everyone passwords in kmailrc (just giving an arbitrary 
example). 

Anyway, we can change the passphrase-to-key algorithm to fit Werner's doubts. 
Just needs somebody doing it, possibly before 3.2 release. 


Dirk