[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: KWallet integration
From:       Daniel Stone <daniel () fooishbar ! org>
Date:       2003-09-04 10:35:06
[Download RAW message or body]


On Thu, Sep 04, 2003 at 12:11:13PM +0200, Martijn Klingens wrote:
> On Thursday 04 September 2003 12:08, Russell Miller wrote:
> > On Thu, Sep 04, 2003 at 11:43:12AM +0200, Martin Konold wrote:
> > > > The issue at hand was slightly more generic, I was just making an
> > > > example. Encryption can defeat root.
> > >
> > > Sorry, this is incorrect.
> >
> > Actually, it is not, if the root user does not have the key or passphrase.
> 
> How do you want to prevent root from sniffing all your keypresses?
> 
> If root doesn't have the key it is always capable to retrieve it in a system 
> that's in use. Encryption only helps against systems that are not and cannot 
> be trojaned.

*sigh*. Of course we're talking about relative security here.

The only secure system is buried in concrete, somewhere near the core of the
earth, is not plugged into anything, does not contain any information, does not
allow anyone to access the information it doesn't contain anyway, and doesn't
exist.

-- 
Daniel Stone                                              <daniel@fooishbar.org>
http://www.debian.org - http://www.kde.org - http://www.freedesktop.org
"Configurability is always the best choice when it's pretty simple to implement"
  -- Havoc Pennington, gnome-list

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]