As a matter of fact, KWallet is not very secure in the first place. With a password it is secure as long as you have not opened the wallet. Once the wallet is open it is insecure in the following (obvious) ways:

* all information on how to read the passwords has to be in memory. Reading the memory would provide the passwords. Turning off the system would not protect against it (cold boot attack [1])
* there is no authentication between applications and the wallet. Establishing authentication is hardly possible on an open system.

Overall I would say if you do not fear that someone would get access to your turned off system there is no need to have a password. That is, a desktop system is probably fine without a password, but on a notebook which could be stolen one should consider using one. There is probably a higher risk from malware interacting with the open wallet than that someone steals the hard disk.

In most cases the mentioned LUKS solution is excellent, though I just need to point out that it's of course also breakable by cold boot attacks.

I'm not a KWallet developer, just subscribed to this report and interested in IT security (was my major in my Masters program).

If you now think that KWallet is insecure: be aware that these are problems probably visible in all password store solutions. The security model of Linux is "if it runs, it's trusted", which means one does not have to consider malicious software.

[1] http://en.wikipedia.org/wiki/Cold_boot_attack

https://bugs.launchpad.net/bugs/397466
Title: There is no KWallet PAM integration