RFC: Moving KWallet Password dialog into Plasma

Martin Gräßlin mgraesslin at kde.org
Fri Jul 20 19:18:15 BST 2012


On Friday 20 July 2012 19:37:00 Thomas Lübking wrote:
> no, see above. the password dialog is snake-oil. (given kwallet acts like
> this)
no it's not complete snake-oil. It does not protect against an attacker 
already on the system (to my knowledge hardly anything not running as root can 
be protected against an attacker with same user privs).

But it still nicely protects:
* the passwords stored on disk, so you don't get the passwords on a not 
powered-on system
* usecases like having your child use your PC but not having it reading your 
mails on gmail (just close the wallet)

So IMHO the passwords are safe except for the case that the system is already 
compromised.

Cheers
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20120720/97a62275/attachment.sig>


More information about the kde-core-devel mailing list