[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    [Bug 78505] wallets require a password
From:       Jason Keirstead <jason () keirstead ! org>
Date:       2004-09-15 22:23:02
Message-ID: 20040915222302.27883.qmail () ktown ! kde ! org
[Download RAW message or body]

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
        
http://bugs.kde.org/show_bug.cgi?id=78505        




------- Additional Comments From jason keirstead org  2004-09-16 00:22 -------
KDM and KWallet shouldn't be integrated for several reasons.

1. Not everyone uses KDM. You need to be able to use KWallet without KDM.

2. KDM can't use KWallet for authentication since it needs to
authenticate against the system and the system knows nothing about
KWallet

3. KWallet's encryption is arguably much stronger than the encryption
used in most logins, so using KDM as it's authentication would be
making it weaker with no benefit.

4. If you have an option to use KWallet without a password (as said in
this bug), then there is no need for any integration at all with KDM,
since a passwordless KWallet is nearly the exact same thing in terms
of security (if you can crack the system password you have access
to the data)

The solution to this bug is very simple - provide an option for a passwordless \
wallet, that just uses the old string obscuring method KMail used for "encrypting" \
passwords.


[prev in list] [next in list] [prev in thread] [next in thread]