Making kwallet more secure
Michael Leupold
lemma at confuego.org
Sun Aug 24 08:44:03 BST 2008
On Sunday 24 August 2008, Ingo Klöcker wrote:
> On Saturday 23 August 2008, Michael Leupold wrote:
> > (Note: The "security" I talk about is only meant to secure against
> > attacks from malicious software and malicious people who get access
> > to your computer).
> As others have already pointed out there's no way to secure against such
> attacks. If malicious software owns your computer (or your user
> account) then you are doomed in any case.

I'm currently looking into (future) ways to secure the wallet against attacks of
that sort. The main problem is that you'd have to establish some authenticity
for the application performing a request on kwalletd. There are already ways
(on Linux) this could be done but they are not widely deployed yet.
E.g. SELinux would allow us to declare policies on which applications could
access the wallet by assigning a wallet role to them and allowing only that
role to access the wallet on the session bus (or by some other IPC mechanism
like message queues or shared memory). Unfortunately this isn't cross-platform
and I haven't even found a way to figure out the calling process for any of
the native IPC mechanisms on Windows platforms.

> kwallet protects passwords stored in the file system against adversaries
> who _only_ have read access to your hard disk. No more, no less.

Yes, I understand this limitation. I do however believe that with the rise of
secure computing we will have means to store passwords more securely in the
future and that we should use them when they become available. Having a look
at what is/might be available will allow us to at least provide means to
implement those mechanisms later.

Regards,
Michael