Review Request 110328: Add config option to silently create initial password-less wallet

Eike Hein eikehein at gmail.com
Mon May 6 18:11:19 BST 2013


>
> How does KWallet encrypt if no password has been set?
>

About as badly as one would expect. It does still generate a hash which
it uses for encryption. What kwalletd does is try whether it can open a
wallet with an empty password first (thus generating the same hash) and
ask for one to be entered if it can't.

Obviously running with an empty password isn't really for the security-
minded, but the distributions in question feel like this is the better
default
for their user experience. At least the user can still set a password later.


Cheers,
Eike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20130506/e4646ff1/attachment.htm>


More information about the kde-core-devel mailing list