Fwd: KWallet weaknesses
Dirk Mueller
mueller at kde.org
Mon Dec 8 19:28:32 GMT 2003
On Monday 08 December 2003 10:18, Werner Koch wrote:
> It gives a false sense of security. As time passes, someone will use
> Kwallet for stuff it was not designed for and thus either make really
> clear that it may only be used for certain things under that and that
> context or better add the standard level of paranoia and make it safe
> for more things one can imagine right now.
Ok, let's get some result out of the discussion:
a) You said the passphrase -> key code is bad. Which code should we use
instead? Where can we get a working implementation, or verify our own?
b) You said that the version numbers will allow replay attacks. Though I don't
see how they're relevant or what you could ever gain from it, how should we
fix this problem?
Dirk