SUMMARY Add support for encryption algorithms other than Blowfish and GPG, such as Twofish, AES and CAMELLIA. They are safer than Blowfish and easier to use than GPG. ADDITIONAL INFORMATION
Gnome-keyring use AES128 and SHA256 for a long time, but kwallet still uses Blowfish and SHA1. This is bad for our users' security.
It should be emphasized that Blowfish has not yet been broken at all, and that the way Kwallet uses SHA1 (amateur KDF, essentially) is not attacked either — for now. It is true that SHA1 has been "broken", but Kwallet since 4.13 has been using proper PBKDF2_SHA512. This is not to say moving up to a more commonly used / "modern" pair like AES-scrypt or chacha20-argon2 is useless — more eyes on an algo is always a good thing; rather, any benefit from such a move need to be balanced against additional complexity in data structure and versioning information.
(In reply to Mingye Wang from comment #2) > rather, any benefit > from such a move need to be balanced against additional complexity in data > structure and versioning information. One thing that can be noticed is that there is a block cipher abstraction layer in the code of kwallet for adding other block encryption algorithms in the future. I think the original designer planned to add other algorithms, but we don't know why it was shelved. https://github.com/KDE/kwallet/tree/master/src/runtime/kwalletd/backend
*** Bug 276634 has been marked as a duplicate of this bug. ***
*** Bug 281237 has been marked as a duplicate of this bug. ***