KWallet integration

Daniel Stone daniel at fooishbar.org
Thu Sep 4 12:38:34 BST 2003


On Thu, Sep 04, 2003 at 12:52:37PM +0200, Rob Kaper wrote:
> On Thu, Sep 04, 2003 at 12:11:13PM +0200, Martijn Klingens wrote:
> > If root doesn't have the key it is always capable to retrieve it in a system 
> > that's in use. Encryption only helps against systems that are not and cannot 
> > be trojaned.
> 
> True, but that's no argument not to encrypt, or not to secure.

Yes.

As I said on IRC, I could get shot in the head while walking down the street. I
don't spend my life in a bombproof vest, however; I just try to avoid walking
down dark alleys in dodgy parts of the city at 4am when I'm too drunk to defend
myself.

Encryption makes life a hell of a lot harder for attackers; not impossible, just
harder. It's like MD5 passwords: do you (not you, Capsi; a more inclusive "you")
store all your passwords as crypt, or plaintext, simply because you could defeat
MD5 if you really felt like it?

I think most of this thread has missed the point; yes, you *could* defeat
KWallet's security if you really wanted to. However, you could also get my GnuPG
passphrase by attaching electrodes to my testicles; that's not a good argument
for me to put my unpassworded private key on a public location, though.

This is about relative security, and whether the merits outweigh the negatives,
not about whether backups could be potentially be cracked.

Do the merits outweigh the negatives?

-- 
Daniel Stone                                              <daniel at fooishbar.org>
http://www.debian.org - http://www.kde.org - http://www.freedesktop.org
"Configurability is always the best choice when it's pretty simple to implement"
  -- Havoc Pennington, gnome-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20030904/dc6884fb/attachment.sig>


More information about the kde-core-devel mailing list