[patch] strip kwalletbackend md5 handling

Michael Leupold lemma at confuego.org
Sat Jun 14 07:59:35 BST 2008


Am Samstag, 14. Juni 2008 schrieb Michael Pyne:
> > the kwallet format uses md5 hashing for all of the wallet's keys. This
> > was probably included to support loading data from the wallet file
> > dynamically but never really used. However it is used to generate md5
> > hashes for newly inserted keys at runtime and insert them into a QList.
> > This list is partly used to verify a key exists.
> I'm not sure how cryptographic hashing helps with dynamically loading from
> a file.

I think it was meant like this:
In the kwl file the MD5 hashes are not encrypted using blowfish. If an 
application requests a key, kwallet creates the MD5 hash and searches for 
that hash in the MD5 part of the kwl file. If the hash is not found, it 
doesn't have to decrypt any of the encrypted parts as it's clear that the key 
does not exist. As all keys/values are kept in memory at runtime this 
currently isn't used.

> This isn't any kind of urgent change, I would recommend leaving things the
> way they are at least until we can ask George about why he used MD5 hashes
> this way in his implementation.

Please keep in mind that I'm not entirely removing the MD5 hashes. I just 
removed creating them on adding new entries. They are still being created on 
saving the wallet (so the kwl file layout/content isn't any different from 
what it was before).

However, I don't object to asking George to make sure I didn't remove anything 
important.

Regards,
Michael




More information about the kde-core-devel mailing list