Making kwallet more secure
Ingo Klöcker
kloecker at kde.org
Sun Aug 24 19:36:38 BST 2008
On Sunday 24 August 2008, Michael Leupold wrote:
> On Sunday 24 August 2008, Ingo Klöcker wrote:
> > On Saturday 23 August 2008, Michael Leupold wrote:
> > > (Note: The "security" I talk about is only meant to secure
> > > against attacks from malicious software and malicious people who
> > > get access to your computer).
> >
> > As others have already pointed out there's no way to secure against
> > such attacks. If malicious software owns your computer (or your
> > user account) then you are doomed in any case.
>
> I'm currently looking into (future) ways to secure the wallet into
> attacks of that sort. The main problem is that you'd have to
> establish some authenticity for the application performing a request
> on kwalletd. There are already ways (on Linux) how this could be done
> but they are not widely deployed yet.
>
> E.g. SELinux would allow us to declare policies on which applications
> could access the wallet by assigning a wallet role to them and
> allowing only that role to access the wallet on the session bus (or
> by some other IPC mechanism like message queues or shared memory).
> Unfortunately this isn't cross-platform and I haven't even found a
> way to figure out the calling process for any of the native IPC
> mechanisms on Windows platforms.
I wouldn't pay too much attention to portability if you have the chance
to greatly improve the security on one platform. kwallet should be as
secure as the platform it is running on allows (instead of as secure as
all platforms it can potentially run on allow).
> > kwallet protects passwords stored in the file system against
> > adversaries who _only_ have read access to your hard disk. No more,
> > no less.
>
> Yes, I understand this limitation. I do however believe that with the
> rise of secure computing we will have means to store passwords more
> securely in the future and that we should use them when they become
> available.
Of course.
> Having a look at what is/might be available will allow us
> to at least provide means to implement those mechanisms later.
Sure. Since those mechanisms will have to be implemented in hardware or
in the kernel (see SELinux) all we as application developers can (and
should) do is use those mechanisms once they become available (even if
they are not available on all systems). So it's definitely good to look
what is available now and what might be available in the future.
You might want to have a look at the use of crypto smartcards for
encrypting the wallet. This will at least prevent attacks by password
sniffers and keyboard loggers. (But it won't really increase the
security because if somebody can install a password sniffer on your
system then he can as well install a man-in-the-middle between kwallet
and the smartcard.)
Regards,
Ingo
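The quoted proposal above (restrict wallet access to applications carrying a dedicated SELinux role, enforced at the session bus) can be illustrated from the service's side. The following is an added example, not code from kwallet or from anyone in this thread. It assumes a wallet-style D-Bus service that asks the bus daemon for the caller's SELinux context (the real bus method for that is org.freedesktop.DBus.GetConnectionSELinuxSecurityContext) and then compares the caller's type against an allow-list; the bus lookup is injected as a function and backed by a constructed table, so the code runs without a bus. The domain names in the table (kwallet_client_t, untrusted_app_t) are assumptions chosen for the illustration.

```python
"""Caller authorization for a wallet-style D-Bus service (added example).

The bus daemon, not the client, reports the SELinux context of the
connection that sent a request, so the label cannot be forged by the
caller the way a PID or /proc/<pid>/exe lookup can (PIDs are reused and
a process can exec a trusted binary's path). The service then applies an
allow-list of SELinux types. The bus call itself is injected so this
runs offline; see `real_lookup_sketch` for the assumed real call.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Optional


@dataclass(frozen=True)
class SELinuxContext:
    user: str
    role: str
    type: str
    level: Optional[str]  # MLS/MCS range such as "s0" or "s0-s0:c0.c1023"


def parse_context(raw: str) -> SELinuxContext:
    """Parse "user:role:type[:level]"; the level may itself contain ':'."""
    parts = raw.rstrip("\0").split(":", 3)  # kernel contexts may carry a NUL
    if len(parts) < 3 or any(p == "" for p in parts[:3]):
        raise ValueError(f"malformed SELinux context: {raw!r}")
    level = parts[3] if len(parts) == 4 else None
    return SELinuxContext(parts[0], parts[1], parts[2], level)


class WalletAccessPolicy:
    """Allow a request only if the caller's SELinux type is on the list."""

    def __init__(self, allowed_types: FrozenSet[str],
                 lookup_context: Callable[[str], str]) -> None:
        self.allowed_types = allowed_types
        self.lookup_context = lookup_context  # unique bus name -> raw context

    def is_allowed(self, sender: str) -> bool:
        # Fail closed: a bus without SELinux support, an unknown sender or
        # a malformed label all deny access rather than fall back to a
        # weaker PID-based guess.
        try:
            raw = self.lookup_context(sender)
            ctx = parse_context(raw)
        except (LookupError, ValueError):
            return False
        return ctx.type in self.allowed_types


# Constructed sample of what the bus daemon would report for three
# connections; the domain names are assumptions for this example.
FAKE_BUS_CONTEXTS: Dict[str, str] = {
    ":1.42": "unconfined_u:unconfined_r:kwallet_client_t:s0",
    ":1.43": "unconfined_u:unconfined_r:untrusted_app_t:s0-s0:c0.c1023",
    ":1.44": "garbage",  # a label the parser must reject
}


def fake_lookup(sender: str) -> str:
    if sender not in FAKE_BUS_CONTEXTS:
        raise LookupError(sender)  # bus would raise NameHasNoOwner
    return FAKE_BUS_CONTEXTS[sender]


def real_lookup_sketch(sender: str) -> str:
    """Assumed shape of the real call (not exercised here): ask the bus
    daemon itself, never the client, for the sender's label."""
    import dbus  # type: ignore  # python-dbus, only present on Linux desktops
    bus = dbus.SessionBus()
    proxy = bus.get_object("org.freedesktop.DBus", "/org/freedesktop/DBus")
    raw = proxy.GetConnectionSELinuxSecurityContext(
        sender, dbus_interface="org.freedesktop.DBus")
    return bytes(raw).decode("ascii")


def demo() -> Dict[str, bool]:
    policy = WalletAccessPolicy(frozenset({"kwallet_client_t"}), fake_lookup)
    return {name: policy.is_allowed(name)
            for name in (":1.42", ":1.43", ":1.44", ":1.99")}


if __name__ == "__main__":
    for sender, ok in demo().items():
        print(f"{sender}: {'allow' if ok else 'deny'}")
```

The decision is deliberately made on the type reported by the bus daemon rather than on anything the client supplies in its message, and every error path denies. Whether a type such as kwallet_client_t exists, and which applications get it, is a matter for the system's SELinux policy, which is exactly the platform-specific dependency the thread discusses.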