Fwd: KWallet weaknesses (was: [PATCH] Make pinentry-qt read and store passphrases in KDE 3.2's wallet)

Martin Konold martin.konold at erfrakon.de
Sun Dec 7 02:18:48 GMT 2003

Hi George,

> > encrypted swap is not really required.
> > 	man 2 mlock
>   Don't you remember our conversation at Nove Hrady?


>   Eventually the 
> password has to go to a non-mlocked region, and actually goes over DCOP,
> and often the lan, so what's the point?  It only protects a very small
> number of cases for kwallet, really.  The better solution is a complete
> trusted system.  Oops I didn't say that.

Yes, and therefor I think that using encrypted swap is not the solution. IMHO 
we should emphasize on the practical consequences.

IIRC you mentioned that the security problem you are trying to solve is the 
"lost laptop" case and in addition you want to offer convinience to the 

The fact that the password "travels" through the system e.g. konqueror far 
beyond kwallet does not lower the security value of kwallet.

In short I consider kwallet not to be the solution to all potential security 
problems but using the current kwallet implementation instead of writing the 
credentials down manually or trying to remember them is security wise a 
significant improvement.

-- martin

Dipl.-Phys. Martin Konold
e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Nobelstrasse 15, 70569 Stuttgart, Germany
fon: 0711 67400963, fax: 0711 67400959
email: martin.konold at erfrakon.de

More information about the kde-core-devel mailing list