Ingo Klöcker kloecker at
Fri Nov 5 00:06:21 GMT 2004

On Wednesday 03 November 2004 14:43, George Staikos wrote:
> A few issues have come up recently with KPasswordDialog and, more
> importantly, KPasswordEdit.  I think both of these classes need to be
> deprecated, and KPasswordDialog rewritten.  Here's why:
> 1) KLineEdit provides everything that KPasswordDialog does, but
> better, in that it allows selection without setting the X selection
> or clipboard.  (it makes editting easier, and there is a wishlist for
> this)
> 2) It doesn't work properly with UTF-8 passwords  (there is a bug
> report for this)
> 3) KPasswordDialog doesn't seem to be fixable without breaking binary
> compatibility or doing messy things
> I notice the careful attention to using a char* for storing the
> password, but is this really necessary?  I think QString is perfectly
> acceptable - we have many other ways people can steal passwords from
> memory anyway.

Does the operating system clean memory pages after they are freed or 
before they are alloc'ed? If not, then an attacker could simply alloc 
memory and search it for freed passwords. By using char* this threat 
can be countered by zeroing the password before the memory is freed.

The other threat is that passwords are written to the swap partition. 
This can only be countered by using mlock'ed char* memory. mlocking 
QString is impossible (unless you or Qt writes QSecureString).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <>

More information about the kde-core-devel mailing list