From kde-devel  Thu Nov 13 23:07:12 2003
From: Jason Keirstead <jason () keirstead ! org>
Date: Thu, 13 Nov 2003 23:07:12 +0000
To: kde-devel
Subject: Re: IBM Applies for Password Manager Patent
X-MARC-Message: https://marc.info/?l=kde-devel&m=106876499703494

On November 13, 2003 06:10 pm, George Staikos wrote:
> On November 13, 2003 15:51, Jason Keirstead wrote:

>    Then how does he get the wallet file to brute force it?  Come on, this
> is  rediculous.   What is your point here?
> 

Argh.

As I said above. KWallet is basing security around the fact that some guy is
logged into your system but you still want to hide data from him. But all he has
to do is copy off the files and brute force them, so its really no security at all.

My point is that the only real security layer is preventing people from getting onto
the system in the first place. Once someone is in my system, nothing else matters,
as far as I'm concerned the whole thing is compromised. So I could care less about
KWallet's passwords or encryption. Hence why I have my settings configured for 
maximal ease of use, and minimum seucrity.

-- 
There's no place like 127.0.0.1

http://www.keirstead.org
 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<