Fwd: KWallet weaknesses (was: [PATCH] Make pinentry-qt read and store passphrases in KDE 3.2's wallet)

George Staikos staikos at kde.org
Sat Dec 6 19:34:49 GMT 2003


On Saturday 06 December 2003 08:08, Dirk Mueller wrote:

> > The problem is that people won't just store unimportant data in the
> > wallet. No, they will also store highly sensitive passwords in the
> > wallet. Why? Because they don't know better.
>
> I think the 1-password-for-n passwords is quite easy to swallow. Much
> easier than the readable-for-everyone passwords in kmailrc (just giving an
> arbitrary example).
>
> Anyway, we can change the passphrase-to-key algorithm to fit Werner's
> doubts. Just needs somebody doing it, possibly before 3.2 release.

  I am definitely not opposed to this, I just need to find time which I don't 
have right now.  What I DO oppose is linking in any external libraries.  The 
other thing that needs to be fixed is my FIXME regarding the random source.

   Sorry I'm not participating too much in this thread, but I just don't have 
time.  I did go over the code again, re-read relevant sections of Applied 
Cryptography, re-read the VPN insecurities paper, read some other 
implementations of similar code, and more, and of course I could not find 
anything wrong with the encryption algorithm other than the two noted above.  
Known.  Well I'm not sure that the pass->key code is bad, but of course it's 
non-standard.  Anyhow, good to see auditing happening in this code, finally.  
The nice thing is that I can change any of these parts for future releases 
without breaking everyone's setup too.

   If anyone has a suggestion for the changes above that are easy to implement 
and don't require external libraries, please let me know.

-- 
George Staikos
KDE Developer				http://www.kde.org/
Staikos Computing Services Inc.		http://www.staikos.net/



