[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    [Bug 78505] wallets require a password
From:       George Staikos <staikos () kde ! org>
Date:       2004-06-08 19:09:43
Message-ID: 20040608190943.11659.qmail () ktown ! kde ! org
[Download RAW message or body]

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
      
http://bugs.kde.org/show_bug.cgi?id=78505      




------- Additional Comments From staikos kde org  2004-06-08 21:09 -------
On June 8, 2004 14:51, Jason Keirstead wrote:
> And of course this is also true. The passwords are still in plain text in
> memory and in the swap file.
>
> Also, the only extra protection KWallet even pretends to provide above UNIX
> file permissions  is incase someone somehow hacks into your machine /
> steals it, they don't have your passwords. But if they have the ability to
> do this, they also have the ability to install a software or hardware
> keyboard grabber to get the passwords anyways.
>
> So at most, KWallet provides an *illusion* of security.

   It only provides "at most an illusion of security" if you only consider the 
cases that you outlined.  You should read the paper at least to learn more 
about it.  In particular, I travel with my laptop.  If I lose it, I can have 
a high degree of confidence that my passwords won't be stolen.  I couldn't do 
that before when I was using a text file.
[prev in list] [next in list] [prev in thread] [next in thread]