KPasswordDialog / KPasswordEdit
Brad Hards
bradh at frogmouth.net
Sat Jan 14 21:44:23 GMT 2006
On Sunday 15 January 2006 02:47 am, Daniel Molkentin wrote:
> 1) The class still uses char*. Probably the reason is simply historic. I
> also remember a discussion about QString not considered secure enough for
> this job since QString's shared buffers are not drawn from non-swappable
> memory. However, this is a non-argument as long as we keep using
> KLineEdits. I am also not confident that KPasswordLineEdit (still) lives up
> to those expectations (I didn't really audit the class since I feel not
> qualified in any way). Still I think this whole discussion about
> non-shareable passwords looked to me like securing the doors of a blown up
> house (I remember such a statement from the original discussions).
>
> Suggestion: Either get rid of char* use and ignore the problem as
> neglectable, or find someone who audits this class properly for Qt 4. The
> silver bullet would be to check what it takes to make QSharedData and thus
> QString to use non-swappable memory, so we could just use QString or a
> derived class to handle passwords and other sensitive data in the future.
Justin Karneges and I have done some work on a QSecureArray class (closer to
the Qt4 QByteArray than to QString, but perhaps appropriate for this purpose)
in QCA. The implementation uses mlock() or mmap() to avoid swapping the
passwords out. The current API documentation is available at:
http://www.frogmouth.net/qca/apidocs/html/classQSecureArray.html and of course
you can get the source from SVN (in kdesupport/qca/).
Using QSecureArray in KPasswordDialog and KPasswordEdit will help with the
integration into QCA (e.g. the Oasis office encryption stuff doesn't use the
password directly - it uses the password as an input to PBKDF2 to generate a
symmetric key, which is then used with a block cipher to encrypt or decrypt
the document - this is pretty typical for local crypto work, although less
used for networking).
Brad
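
The mmap()/mlock() approach mentioned in the message, as an added C example (not part of the original post and not QCA's QSecureArray code). The `secure_buf` type and its function names are hypothetical; it assumes a POSIX system with anonymous mappings.

```c
#define _DEFAULT_SOURCE 1   /* for MAP_ANONYMOUS on glibc */
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical type for this example; not QCA's QSecureArray. */
typedef struct {
    unsigned char *data;   /* page-aligned anonymous mapping */
    size_t         mapped; /* bytes actually mapped (whole pages) */
    int            locked; /* 1 if mlock() succeeded */
} secure_buf;

/* Map whole pages and try to pin them in RAM. Returns -1 if mapping fails;
 * an mlock() failure (e.g. RLIMIT_MEMLOCK) only leaves buf->locked at 0,
 * so the caller can decide whether an unlocked buffer is acceptable. */
int secure_buf_alloc(secure_buf *buf, size_t len)
{
    long page = sysconf(_SC_PAGESIZE);
    memset(buf, 0, sizeof *buf);
    if (page <= 0 || len == 0 || len > (size_t)-1 - (size_t)page)
        return -1;
    size_t mapped = (len + (size_t)page - 1) / (size_t)page * (size_t)page;
    void *p = mmap(NULL, mapped, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    buf->data = p;
    buf->mapped = mapped;
    buf->locked = (mlock(p, mapped) == 0);
    return 0;
}

/* Zero through a volatile pointer so the stores are not optimised away. */
void secure_buf_wipe(secure_buf *buf)
{
    volatile unsigned char *p = buf->data;
    for (size_t i = 0; p && i < buf->mapped; i++)
        p[i] = 0;
}

/* Wipe, then unmap (munmap() also drops the lock); struct is left zeroed. */
void secure_buf_free(secure_buf *buf)
{
    if (!buf->data)
        return;
    secure_buf_wipe(buf);
    munmap(buf->data, buf->mapped);
    memset(buf, 0, sizeof *buf);
}
```

A caller should check `locked` after allocation: a pinned buffer only helps if the password is never copied into an ordinary heap string on the way in or out.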
More information about the kde-core-devel
mailing list