On November 13, 2003 18:07, Jason Keirstead wrote:
> On November 13, 2003 06:10 pm, George Staikos wrote:
> > On November 13, 2003 15:51, Jason Keirstead wrote:
> >
> >    Then how does he get the wallet file to brute force it?  Come on, this
> > is  rediculous.   What is your point here?
>
> Argh.
>
> As I said above. KWallet is basing security around the fact that some guy
> is logged into your system but you still want to hide data from him. But
> all he has to do is copy off the files and brute force them, so its really
> no security at all.

   You don't understand that this is not trivial, and with a well chosen 
password, statistically not possible in an amount of time that makes it 
useful to attempt in the first place.  Do you think that people can brute 
force your PGP email too?  If so, why does anyone bother with it?  I suggest 
reading, for instance, Applied Cryptography before continuing with this 
thread.

> My point is that the only real security layer is preventing people from
> getting onto the system in the first place. Once someone is in my system,
> nothing else matters, as far as I'm concerned the whole thing is
> compromised. So I could care less about KWallet's passwords or encryption.
> Hence why I have my settings configured for maximal ease of use, and
> minimum seucrity.

  Until someone walks up to you on the subway, grabs your laptop or USB key 
and runs off.

-- 
George Staikos
KDE Developer			http://www.kde.org/
Staikos Computing Services Inc.	http://www.staikos.net/
 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<