Fwd: KWallet weaknesses (was: [PATCH] Make pinentry-qt read and store passphrases in KDE 3.2's wallet)
Martin Konold
martin.konold at erfrakon.de
Sun Dec 7 02:18:48 GMT 2003
Hi George,
> > encrypted swap is not really required.
> > man 2 mlock
>
> Don't you remember our conversation at Nove Hrady?
Yes.
> Eventually the
> password has to go to a non-mlocked region, and actually goes over DCOP,
> and often the lan, so what's the point? It only protects a very small
> number of cases for kwallet, really. The better solution is a complete
> trusted system. Oops I didn't say that.
Yes, and therefor I think that using encrypted swap is not the solution. IMHO
we should emphasize on the practical consequences.
IIRC you mentioned that the security problem you are trying to solve is the
"lost laptop" case and in addition you want to offer convinience to the
users.
The fact that the password "travels" through the system e.g. konqueror far
beyond kwallet does not lower the security value of kwallet.
In short I consider kwallet not to be the solution to all potential security
problems but using the current kwallet implementation instead of writing the
credentials down manually or trying to remember them is security wise a
significant improvement.
Yours,
-- martin
Dipl.-Phys. Martin Konold
e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Nobelstrasse 15, 70569 Stuttgart, Germany
fon: 0711 67400963, fax: 0711 67400959
email: martin.konold at erfrakon.de
More information about the kde-core-devel
mailing list