[PATCH] Make pinentry-qt read and store passphrases in KDE 3.2's wallet
Werner Koch
wk at gnupg.org
Thu Dec 4 11:17:03 CET 2003
On Wed, 3 Dec 2003 22:56:47 +0100, Martijn Klingens said:

> You suggested a passwordless key. Which means that another user who has root
> (or access to your home) can use 'ssh -i ...' to do some club-hopping to
> other servers.

Sorry, there is no protection against root - he can do EVERYTHING on a
standard Unix system. You simply can't protect a user against root.

> A pass inside the wallet however is still encrypted to even root. It doesn't
> help against root installing keyboard sniffers, but certainly makes it more

No it isn't. That is a false sense of security. You might think it
is encrypted but in reality root has for example always a plaintext
copy or is anyway man-in-the-middle.

> Once per server/key (depending on whether you have password or key based auth,
> most home systems I have access to use password, my work uses key). All in
> all that's a fair amount of passes. Now I don't use most of them a lot and I

That's the whole point. Using password authentication is plainly
stupid and a major security risk. See the recent attack on Debian
machines. Yes, it is okay to su on a machine but then better keep the
password in your own memory between your eyes and ears.

Werner
--
Werner Koch <wk at gnupg.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org