Review Request 117157: Unlock session via DBus

[Michael Pyne]

On Fri, April 4, 2014 02:20:28 Valentin Rusu wrote:
> On Sunday, March 30, 2014 05:25:58 PM Michael Pyne wrote:
> > In fact the list of folders and keys present in KWallet (though
> > not their values) can be queried without unlocking KWallet, or even
> > causing
> > it to prompt to unlock.
> 
> Could you please elaborate more on the possibility to enumerate the keys
> without opening the wallet?

From the KWallet::Wallet API docs:

> bool Wallet::keyDoesNotExist(...):
> 
> Determine if an entry in a folder does not exist in a wallet.
> 
> This does not require decryption of the wallet. This is a handy optimization
> to avoid prompting the user if your data is certainly not in the wallet.

Wallet::folderDoesNotExist() has similar verbiage.

"enumerating" is overstating the case here since there's no direct support for 
enumerating folders or keys. But all the same, it's not hard at all to brute-
force potential folder or key names using the same method used to guess valid 
Coinbase user identities that just hit the news.

Of course if an attacker is running code they'd probably just find it easier 
to open the .kwl directly and read the folder and key names, since apparently 
those are stored unencrypted, if the API docs are to be believed.

Note that there is a valid use case for this feature: It would be tremendously 
annoying for a user to have to open their wallet just so an application can 
verify if it does or does not have an entry stored in the wallet. Instead the 
application can defer opening the wallet (and forcing the password prompt0 
until the value is actually needed.

Regards,
 - Michael Pyne
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20140403/59dd1240/attachment.sig>