KWallet integration - from the developer
Tim Jansen
tim at tjansen.de
Thu Sep 4 19:27:44 BST 2003
On Thursday 04 September 2003 14:52, George Staikos wrote:
> system. The only big difference we have at this point is that we don't
> reuse the system login password for the wallet password. I think you can
> agree with me that this is a bad idea for us to emulate.
Why? I can see that it is difficult to implement, but for the user it is
great.
If the password's hash is secure (MD5 or similar) on the local system it
should be no security problem to use it for encryption of passwords as well.
If your account is not save, having a different password for KWallet does not
help much anyway.
The advantage is that people who use a non-mobile computer at home have almost
the same degree of security, but much more comfort. Forcing them to enter two
passwords just encourages them to turn off password protection for KWallet,
use empty/trivial passwords or similar ways around the problem.
(And it would also be a little bit safer than my current solution, an
unencrypted plain text file that contains all my passwords)
bye...
More information about the kde-core-devel
mailing list