[PATCH] Make pinentry-qt read and store passphrases in KDE 3.2's wallet
Robert Schiele
robert.schiele at t-online.de
Mon Dec 1 09:55:06 CET 2003
On Mon, Dec 01, 2003 at 08:45:33AM +0100, Werner Koch wrote:
> On Sun, 30 Nov 2003 20:39:18 +0100, Ingo Klöcker said:
>
> > KWallet is (IMO) completely out of question. The passphrase must never
> > ever be stored in any form on the hard disk. I'm shocked that someone
>
> Well said. There is no reason to do this because a passphrase stored
> on disk is useless - if you want that you would be better off to save
> your key without any passphrase. The threat model against the
> passphrase tries to protect is a compromised secret key - much like a
> PIN protects against a lost or stolen smartcard. If someone is able to
> read a (protected) secret key, he will also be able to read the file
> where KWallet stores the keys. Thus there is no real protection. IF

To be fair it should be mentioned that KWallet does _not_ store the passwords
in clear text on the disk, but does encrypt them with a password that has to be
entered each time kwallet is started. Thus it is somewhat similar to what the
gpg-agent is, but more general.

I can't tell exactly how smart encryption (AFAIK Blowfish) and management of
passwords in KWallet are implemented, so I cannot tell whether it is a good
idea to use it or not. But assuming that it is implemented in a smart way I
cannot see the problem with it.

Robert
--
Robert Schiele Tel.: +49-621-181-2517
Dipl.-Wirtsch.informatiker mailto:rschiele at uni-mannheim.de
More information about the Gpa-dev mailing list