KWallet integration

Martin Konold martin.konold at erfrakon.de
Thu Sep 4 12:23:39 BST 2003


Am Thursday 04 September 2003 01:16 pm schrieb Martijn Klingens:

Hi,

> Why not? If you distrust an application you can just as well distrust the
> entire system, since an untrusted application can just as well install a
> key logger and pass a separate 'credit card password' to whoever is
> interested.

In short the benefit of kwallet is neither to save users from malicious root 
users or malicious "roommates" but _only_ from information leakage in case of 
physical loss e.g. theft and from abuse of backups.

IMHO protection of the backups and the protection in case of theft incl. the 
added usability improvments make the real benefit of kwallet.

Any try to turn kwallet into a security device to serve further purposes is 
doomed to fail.

Yours, 
-- martin
P.S.: Attacks via backups is _very_ common with professional intruders. In 
addition in most companies backup is done via an unencrypted transfer over 
the network ;-)

Dipl.-Phys. Martin Konold
e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Nobelstrasse 15, 70569 Stuttgart, Germany
fon: 0711 67400963, fax: 0711 67400959
email: martin.konold at erfrakon.de





More information about the kde-core-devel mailing list