kwalletd encrypts in ECB instead of CBC

Valentin Rusu kde at rusu.info
Mon Jan 5 22:52:11 UTC 2015


On 05/01/15 01:51:31, Valentin Rusu wrote:
> On 28/12/14 22:58:12, David Faure wrote:
> > Hi Valentin,
> > 
> 
> Hello,
> 
> > this report (to the security list) is two years old, but I'm not sure it was 
> > ever sent to you?
> > 
> > Can you check if this is still an issue?
> 
> Well, this was still an issue and I have now fixed it in my local
> KF5::KWallet repository. The code now correctly implements CBC
> encryption. I keep the legacy decrypt method and use it when reading the
> existing wallets. On next save I switch them to the new encryption
> method. The change is tracked on the kwl file header, so on next open
> it'll be decrypted using the new CBC routine.
> 
> The test program under kwalletd/backend/tests was updated. I also added
> some tests for jenkins.
> 
> Before pushing it, I'll first fix the KDE4 kde-runtime/kwalletd then
> push them at the same time. I think I should also blog about this, as
> this will change the user's kwallet files.  Even if that'll be
> transparent, our users should be warned. Or perhaps should we
> communicate that by other means about this security update?

The fixes now hit the kde-runtime and the frameworks/kwallet
repositories.

A note will be posted on https://www.kde.org/info/security/ about this
issue.


> 
> > 
> > Cheers,
> > David.
> 
> Cheers,
> Valentin
> 
> > 
> > 
> > On Saturday 01 December 2012 12:19:18 Itay Duvdevani wrote:
> > > Hi,
> > > 
> > > Looking at the sources in git master (and going back at least
> > > to 4.8.4), I found wallet files are encrypted in ECB mode instead of
> > > CBC.
> > > 


More information about the Kde-utils-devel mailing list