
List:       kde-devel
Subject:    Re: IBM Applies for Password Manager Patent
From:       Paul Campbell <paul () taniwha ! com>
Date:       2003-11-11 17:19:30

On Tuesday 11 November 2003 05:42 am, George Staikos wrote:
> On Monday 10 November 2003 16:55, Paul Campbell wrote:
 
> > config kwallet to do what the Apple ones did where I could
> > have the system automatically use my login password to open
> > the wallet?)
>
> 
>   Horrible idea...  Where do we store your password in order
> to do this?  

you don't, you use the login password when typed and apply it to 
unlock the wallet during the login process (I realise this is a 
problem in the unix/X/KDE world because login and the window 
manager are usually separate worlds - KDM and KDE could however 
be persuaded to work together). (obviously there would have to be 
a dialog to handle the case where the user's password has 
changed and the wallet needs to be reencrypted)

> It  also defeats the "walk away from the 
> terminal and the wallet is still accessible" safeties.  I
> think it's very convenient, but a bad idea from a security
> perspective.

it depends on your machine and situation - obviously it should 
not be the default - on the other hand people should be able to 
make their own security decisions - I carry my laptop 
everywhere I go - I'm moment to moment responsible for its physical 
security while it's booted and I'm quite willing to take the 
chance that someone will snatch it from me and then use it to 
file bugs on the company's bugzilla (the only keys in its 
wallet).

As it is I have kwallet running and I find it rather annoying - I 
alternately log on at work and home, because my IP address 
changes bugzilla invalidates its cookies and makes me log in 
again each time, exactly once, and each time I have to type an 
extra password to open the wallet - so rather than saving me 
work it's adding it .... (just one data point obviously YMMV)

On the other hand there are obviously some keys that are more 
important than others - bugzilla, I don't care much about, my 
bank account's login I probably do - opening some wallets and 
not others at login might make sense. 

	Paul
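
The scheme proposed in the message above (unlock with the password typed at login, store nothing, re-encrypt after a password change) can be sketched as key wrapping; this is an added example, not part of the original message and not KWallet or KDM code. The function names, the PBKDF2 work factor and the XOR-pad-plus-HMAC wrapping are assumptions chosen so the sketch runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def _derive(password, salt):
    """Stretch the login password into a 32-byte pad and a 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def wrap(wallet_key, password):
    """Wrap the random 32-byte wallet key under the password.
    A fresh salt per wrap means the derived pad is never reused."""
    if len(wallet_key) != 32:
        raise ValueError("wallet key must be 32 bytes")
    salt = os.urandom(16)
    pad, mac_key = _derive(password, salt)
    ct = bytes(a ^ b for a, b in zip(wallet_key, pad))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + ct + tag  # only this blob is stored, never the password


def unwrap(blob, password):
    """Return the wallet key, or None if the password does not match."""
    salt, ct, tag = blob[:16], blob[16:48], blob[48:]
    pad, mac_key = _derive(password, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, pad))


def unlock_at_login(blob, login_password, ask_old_password):
    """Login-time hook: try the password just typed. If it no longer
    matches (it was changed elsewhere), ask for the old one and rewrap.
    ask_old_password stands in for the dialog mentioned in the message."""
    key = unwrap(blob, login_password)
    if key is not None:
        return key, blob
    key = unwrap(blob, ask_old_password())
    if key is None:
        return None, blob  # wallet stays locked, blob untouched
    return key, wrap(key, login_password)
```

Because only the small wallet key is wrapped under the password, a password change rewrites 80 bytes rather than re-encrypting every wallet entry.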
 