RFC: Moving KWallet Password dialog into Plasma

Thomas Lübking thomas.luebking at gmail.com
Fri Jul 20 18:37:00 BST 2012


2012/7/20, Martin Gräßlin <mgraesslin at kde.org>:

> Once the wallet is open every running application can read each single
> password. So does not sound very secure to me in the first place.

a) no.
b) ouch.
c) if kwallet is not intended to be a secure container (i frankly
don't really use it as such) using asymetric encryption and signatures
to validate and communicate with clients that raises the questions:
1. why is there a kwallet dialog at all
2. why are passwords not stored in 600 files? (ok, is exaggerated, the
data is still encrypted on disk, but one could actually decrypt the
container into some tmpfs then...)

In that case i now suggest to remove the password from kwallet.
Reason, two cases:
1. you have private data to be secured -> kwallet is worthless
2. you're joe user and store your various weblogins that nobody
actually cares about there (instead of a post-it on your screen, which
would be more secure) -> there's no reason to protect them (because
with the suggested design of kwallet it would take likely 5 minutes to
penetrate any system with hw access to raise to kwallet privs)


> I'm not sure whether there needs to be further protection
no, see above. the password dialog is snake-oil. (given kwallet acts like this)

Cheers,
Thomas




More information about the kde-core-devel mailing list