[PATCH] Make pinentry-qt read and store passphrases in KDE 3.2's wallet

Werner Koch wk at gnupg.org
Thu Dec 4 11:17:03 CET 2003

On Wed, 3 Dec 2003 22:56:47 +0100, Martijn Klingens said:

> You suggested a passwordless key. Which means that another user who has root 
> (or access to your home) can use 'ssh -i ...' to do some club-hopping to 
> other servers.

Sorry, there is no protection against root - he can do EVERYTHING on a
standard Unix system.  You simply can't protect a user against root.

> A pass inside the wallet however is still encrypted to even root. It doesn't 
> help against root installing keyboard sniffers, but certainly makes it more 

No it isn't.  That is a false sense of security.  You might think it
is encrypted but in reality roo has for example always a plaintext
copy or is anyway man-in-the-middle.

> Once per server/key (depending on whether you have password or key based auth, 
> most home systems I have access to use password, my work uses key). All in 
> all that's a fair amount of passes. Now I don't use most of them a lot and I 

That's the whole point.  Using password authentication is plainly
stupid and a major security risk.  See the recent attack on Debian
machines.  Yes, it is okay to su on a machine but then better keep the
password in your own memory between your eyes and ears.


Werner Koch                                      <wk at gnupg.org>
The GnuPG Experts                                http://g10code.com
Free Software Foundation Europe                  http://fsfeurope.org

More information about the Gpa-dev mailing list