List: kde-core-devel
Subject: Re: KWallet integration
From: Daniel Stone <daniel () fooishbar ! org>
Date: 2003-09-04 11:38:34
On Thu, Sep 04, 2003 at 12:52:37PM +0200, Rob Kaper wrote:
> On Thu, Sep 04, 2003 at 12:11:13PM +0200, Martijn Klingens wrote:
> > If root doesn't have the key it is always capable to retrieve it in a system
> > that's in use. Encryption only helps against systems that are not and cannot
> > be trojaned.
>
> True, but that's no argument not to encrypt, or not to secure.
Yes.

As I said on IRC, I could get shot in the head while walking down the street. I
don't spend my life in a bombproof vest, however; I just try to avoid walking
down dark alleys in dodgy parts of the city at 4am when I'm too drunk to defend
myself.

Encryption makes life a hell of a lot harder for attackers; not impossible, just
harder. It's like MD5 passwords: do you (not you, Capsi; a more inclusive "you")
store all your passwords as crypt, or plaintext, simply because you could defeat
MD5 if you really felt like it?

I think most of this thread has missed the point; yes, you *could* defeat
KWallet's security if you really wanted to. However, you could also get my GnuPG
passphrase by attaching electrodes to my testicles; that's not a good argument
for me to put my unpassworded private key on a public location, though.

This is about relative security, and whether the merits outweigh the negatives,
not about whether backups could potentially be cracked.

Do the merits outweigh the negatives?

--
Daniel Stone <daniel@fooishbar.org>
http://www.debian.org - http://www.kde.org - http://www.freedesktop.org
"Configurability is always the best choice when it's pretty simple to implement"
-- Havoc Pennington, gnome-list