[patch] strip kwalletbackend md5 handling
Michael Leupold
lemma at confuego.org
Sat Jun 14 07:59:35 BST 2008
Am Samstag, 14. Juni 2008 schrieb Michael Pyne:
> > the kwallet format uses md5 hashing for all of the wallet's keys. This
> > was probably included to support loading data from the wallet file
> > dynamically but never really used. However it is used to generate md5
> > hashes for newly inserted keys at runtime and insert them into a QList.
> > This list is partly used to verify a key exists.
> I'm not sure how cryptographic hashing helps with dynamically loading from
> a file.
I think it was meant like this:
In the kwl file the MD5 hashes are not encrypted using blowfish. If an
application requests a key, kwallet creates the MD5 hash and searches for
that hash in the MD5 part of the kwl file. If the hash is not found, it
doesn't have to decrypt any of the encrypted parts as it's clear that the key
does not exist. As all keys/values are kept in memory at runtime this
currently isn't used.
> This isn't any kind of urgent change, I would recommend leaving things the
> way they are at least until we can ask George about why he used MD5 hashes
> this way in his implementation.
Please keep in mind that I'm not entirely removing the MD5 hashes. I just
removed creating them on adding new entries. They are still being created on
saving the wallet (so the kwl file layout/content isn't any different from
what it was before).
However, I don't object to asking George to make sure I didn't remove anything
important.
Regards,
Michael
More information about the kde-core-devel
mailing list