KWallet integration
Martin Konold
martin.konold at erfrakon.de
Thu Sep 4 12:23:39 BST 2003
Am Thursday 04 September 2003 01:16 pm schrieb Martijn Klingens:
Hi,
> Why not? If you distrust an application you can just as well distrust the
> entire system, since an untrusted application can just as well install a
> key logger and pass a separate 'credit card password' to whoever is
> interested.
In short the benefit of kwallet is neither to save users from malicious root
users or malicious "roommates" but _only_ from information leakage in case of
physical loss e.g. theft and from abuse of backups.
IMHO protection of the backups and the protection in case of theft incl. the
added usability improvments make the real benefit of kwallet.
Any try to turn kwallet into a security device to serve further purposes is
doomed to fail.
Yours,
-- martin
P.S.: Attacks via backups is _very_ common with professional intruders. In
addition in most companies backup is done via an unencrypted transfer over
the network ;-)
Dipl.-Phys. Martin Konold
e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Nobelstrasse 15, 70569 Stuttgart, Germany
fon: 0711 67400963, fax: 0711 67400959
email: martin.konold at erfrakon.de
More information about the kde-core-devel
mailing list