[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    [Bug 78505] wallets require a password
From:       Jason Keirstead <jason () keirstead ! org>
Date:       2004-06-08 18:51:04
Message-ID: 20040608185104.3084.qmail () ktown ! kde ! org
[Download RAW message or body]

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
      
http://bugs.kde.org/show_bug.cgi?id=78505      




------- Additional Comments From jason keirstead org  2004-06-08 20:51 -------
On June 8, 2004 03:24 pm, Stefan Gehn wrote:
> KWALLET IS NOT SECURE AT ALL!
> It is just a way to hide your passwords a bit,

And of course this is also true. The passwords are still in plain text in 
memory and in the swap file. 

Also, the only extra protection KWallet even pretends to provide above UNIX 
file permissions  is incase someone somehow hacks into your machine / steals 
it, they don't have your passwords. But if they have the ability to do this, 
they also have the ability to install a software or hardware keyboard grabber 
to get the passwords anyways.

So at most, KWallet provides an *illusion* of security.
[prev in list] [next in list] [prev in thread] [next in thread]