RFC: Moving KWallet Password dialog into Plasma
Thomas Lübking
thomas.luebking at gmail.com
Fri Jul 20 19:27:36 BST 2012
Am 20.07.2012, 20:18 Uhr, schrieb Martin Gräßlin <mgraesslin at kde.org>:
> already on the system (to my knowledge hardly anything not running as
> root can be protected against an attacker with same user privs).
You can establish secure IPC - i frankly thought that's what kwallet was
meant to do.
> But it still nicely protects:
> * the passwords stored on disk, so you don't get the passwords on a not
> powered-on system
What is as good as decrypting the database file on login - except that i
don't face a broken dialog for that ;-)
> * usecases like having your child use your PC but not having it reading
> your mails on gmail (just close the wallet)
So your kid's on your account?
-> puts friendly little scrip here, waiting for kwallet being open and
then dump the database.
That's the reason why multiuser OS exists.
> So IMHO the passwords are safe except for the case that the system is
> already compromised.
I don't atm. *really* know how kwallet operates but on your claim the
question is what additional security can be gained by the extra password.
This however starts to get *slight* OT and probably worth it's own
discussion =)
Cheers,
Thomas
More information about the kde-core-devel
mailing list