[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kmail-devel
Subject:    Re: Saving of passwords (Was: Security status)
From:       George Staikos <staikos () 0wned ! org>
Date:       2000-02-07 18:27:13
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 07 Feb 2000, Stefan Taferner wrote:

> IMO there is absolutely no need to make a solution for kmail only.
> Except if the solution is then better than what we have now.
> 
> Making another config file does not improve the situation.
> 
> Those that are security aware can handle the current situation,
> and those that are not will not change when they do not care
> for two files.

YES!!!!!!  :)


The best idea I can think of to make a secure password storing system is as
follows:

Make a KDE service (ideally hooking into an SQL database) which allows you
to store persistent data for an applet.  The service would allow you to flag
data as "secure" or not, and if it was flagged as such, it would use a
two-way encryption scheme to encrypt that data with a passphrase.  To get the
passphrase, it would ask the user once per session as a SYSTEM-WIDE question,
and store that password in a cache until the user logs out.  It's not
perfect, but it's probably the best that can be done.  it will probably be
somewhat tricky to properly and safely implement as well.  Good idea?

- -- 

George Staikos 


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2

iQEVAwUBOJ8PwPaardfOEhQRAQEfoQf/e/V8wOJbc1mFVRPARgR/osq73vIqWCSN
caquhTM8XrDrKlwLPHQMwFTpgnw0mrTm3VvgSVBgF1cYEpmAnADRlS2doJ+DPuFH
jQfVvNGVACK9Wp1CrmeIHVS0zp/7C2rQ9EmWaJMmnMczJLU7+UP4IgBwtHc0DoTC
7+5q5BtL5nKbtK7yuPhvqaWhShxR/8Zr87Wb0QDhXZYtnj4C/BWfTi+FsIjlgB9a
Ic2kQ2JZ0kwJYeQp00SnCe7XimukVbxD6WOay61FfSeN+rx8vCpBAw7UnCPSI29u
6pKpZRkyQuTk7mpijJvmQlGCL05f1ccR7c3WIBGR06EqTbrIj/kfUw==
=LIkU
-----END PGP SIGNATURE-----

[prev in list] [next in list] [prev in thread] [next in thread]