KPasswordDialog
Ingo Klöcker
kloecker at kde.org
Fri Nov 5 00:06:21 GMT 2004
On Wednesday 03 November 2004 14:43, George Staikos wrote:
> A few issues have come up recently with KPasswordDialog and, more
> importantly, KPasswordEdit. I think both of these classes need to be
> deprecated, and KPasswordDialog rewritten. Here's why:
>
> 1) KLineEdit provides everything that KPasswordDialog does, but
> better, in that it allows selection without setting the X selection
> or clipboard. (it makes editting easier, and there is a wishlist for
> this)
> 2) It doesn't work properly with UTF-8 passwords (there is a bug
> report for this)
> 3) KPasswordDialog doesn't seem to be fixable without breaking binary
> compatibility or doing messy things
>
> I notice the careful attention to using a char* for storing the
> password, but is this really necessary? I think QString is perfectly
> acceptable - we have many other ways people can steal passwords from
> memory anyway.
Does the operating system clean memory pages after they are freed or
before they are alloc'ed? If not, then an attacker could simply alloc
memory and search it for freed passwords. By using char* this threat
can be countered by zeroing the password before the memory is freed.
The other threat is that passwords are written to the swap partition.
This can only be countered by using mlock'ed char* memory. mlocking
QString is impossible (unless you or Qt writes QSecureString).
Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20041105/e9e9deae/attachment.sig>
More information about the kde-core-devel
mailing list