[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: IBM Applies for Password Manager Patent
From: George Staikos <staikos () kde ! org>
Date: 2003-11-13 23:18:28
[Download RAW message or body]
On November 13, 2003 18:07, Jason Keirstead wrote:
> On November 13, 2003 06:10 pm, George Staikos wrote:
> > On November 13, 2003 15:51, Jason Keirstead wrote:
> >
> > Then how does he get the wallet file to brute force it? Come on, this
> > is rediculous. What is your point here?
>
> Argh.
>
> As I said above. KWallet is basing security around the fact that some guy
> is logged into your system but you still want to hide data from him. But
> all he has to do is copy off the files and brute force them, so its really
> no security at all.
You don't understand that this is not trivial, and with a well chosen
password, statistically not possible in an amount of time that makes it
useful to attempt in the first place. Do you think that people can brute
force your PGP email too? If so, why does anyone bother with it? I suggest
reading, for instance, Applied Cryptography before continuing with this
thread.
> My point is that the only real security layer is preventing people from
> getting onto the system in the first place. Once someone is in my system,
> nothing else matters, as far as I'm concerned the whole thing is
> compromised. So I could care less about KWallet's passwords or encryption.
> Hence why I have my settings configured for maximal ease of use, and
> minimum seucrity.
Until someone walks up to you on the subway, grabs your laptop or USB key
and runs off.
--
George Staikos
KDE Developer http://www.kde.org/
Staikos Computing Services Inc. http://www.staikos.net/
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic