On November 13, 2003 9:16 am, Michael Pyne wrote:
> I'm not George, but I think he means that someone's login password was
> compromised, thus leading to access to their machine.  If their KWallet
> password had also been their login password, then all of KWallet's
> information (e.g., passwords) would have been available to the intruder as
> well. 

If someone has login access to the machine and read access to the KWallet 
files, all he has to do is copy off the files and brute-force attack them 
later.  So the whole thing is pretty much moot.

This is why once someone is logged into the machine, as root or as you, all 
bets are off. And why to me KWallet has never been about security at all, its 
just a convenience thing so I don't need to remember so many passwords. Any 
"security" provided by KWallet is nothing more than a deterrence at best.

AKA I agree with Jeff and Aaron 100% :P

-- 
There's no place like 127.0.0.1

http://www.keirstead.org
 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<