
Thread: 10 Year Old KDE Bug Finally Gets Fixed

  1. #41
    Join Date
    Dec 2010
    Posts
    1,120

    Quote Originally Posted by ChrisXY View Post
    If I have no password set, anyone with physical/root access can open it, even if I'm not logged in, right?
    If the KWallet password is automatically the same as the user login password, anyone with physical/root access can simply change the user password or alternatively plant a script that reads the contents of KWallet right after login.
    If you are concerned about people having physical access to your PC, go full-disk encryption instead.

  2. #42
    Join Date
    Jun 2010
    Location
    ฿ 16LDJ6Hrd1oN3nCoFL7BypHSEYL84ca1JR
    Posts
    1,045

    Quote Originally Posted by Awesomeness View Post
    If the KWallet password is automatically the same as the user login password, anyone with physical/root access can simply change the user password
    The kwallet password is the same as the login password, but separately set. It could just work together that for this case one only needs one login and changing the user password would not touch kwallet's password.

    Quote Originally Posted by Awesomeness View Post
    or alternatively plant a script that reads the contents of KWallet right after login.
    How is that much worse than a script that just waits for kwallet to open and reads it then?

  3. #43
    Join Date
    Dec 2010
    Posts
    1,120

    Quote Originally Posted by ChrisXY View Post
    How is that much worse than a script that just waits for kwallet to open and reads it then?
    The longer a script has to sit and wait, the higher the chance of detecting it.

    And even if it was not worse: I see no point developing a KWallet feature that is not superior to the current way.
    Again: If you are concerned about strangers with physical access to your PC, use full disk encryption.

  4. #44
    Join Date
    Sep 2012
    Posts
    665

    Quote Originally Posted by Awesomeness View Post
    The longer a script has to sit and wait, the higher the chance of detecting it.

    And even if it was not worse: I see no point developing a KWallet feature that is not superior to the current way.
    Again: If you are concerned about strangers with physical access to your PC, use full disk encryption.
    Please correct me if I'm wrong:
    If KWallet password is not set, KWallet content is not encrypted. If my laptop is stolen, KWallet content can be read.
    If KWallet password is set to the user password, KWallet content is encrypted. One can change the user password, but it won't decrypt KWallet content (root can't change KWallet password). If my laptop is stolen, KWallet content cannot be read. If the user changes their user password, they must change the KWallet password separately (or the GUI must do it for them at least), and the original password is necessary for this.

    The keylogger point is completely moot. If you have one on your PC, you're doomed, whether it takes 0 or 5min between your login and the opening of the KWallet content.

    I personally think that one-step login and off-line protection is a useful feature.

  5. #45
    Join Date
    Dec 2010
    Posts
    1,120

    Quote Originally Posted by erendorn View Post
    Please correct me if I'm wrong:
    If KWallet password is not set, KWallet content is not encrypted. If my laptop is stolen, KWallet content can be read.
    Not with full disk encryption.

    Quote Originally Posted by erendorn View Post
    I personally think that one-step login and off-line protection is a useful feature.
    It's definitively a feature request and not a bug and the claim that it's a bug is the reason why it was even mentioned here in the first place.
