Bug 80063 - Passwords should not be shown in cleartext by kwallet.
Status: RESOLVED INTENTIONAL
Alias: None
Product: kwalletmanager
Classification: Applications
Component: general
Version: unspecified
Platform: Compiled Sources Linux
Importance: NOR wishlist
Target Milestone: ---
Assignee: George Staikos
Reported: 2004-04-21 14:10 UTC by Nilesh Bansal
Modified: 2005-04-17 04:51 UTC

Description Nilesh Bansal 2004-04-21 14:10:54 UTC
Version: (using KDE Devel)
Installed from: Compiled sources
Compiler: gcc 3.3.1 SuSE 9.0
OS: Linux

When my wallet is open, I can view all passwords stored in the wallet in plain text. It would be better if kwallet does not display passwords like this and instead uses some basic encryption and shows passwords encrypted so that someone can't know my password just by looking at it.

I am generally logged in and rarely log out of KDE. Also I have set the time for the wallet to close to around 500 mins, so that I don't have to provide the password again and again. Now if I go away from my computer for, say, 5-10 mins, and my wallet is open, someone can see my password.
Comment 1 George Staikos 2004-04-21 18:03:44 UTC
On Wednesday 21 April 2004 08:10, nilesh wrote:
> When my wallet is open, I can view all passwords stored in wallet in plain
> text. It would be better if kwallet does not display passwords like this
> and instead use some basic encryption and show passwords encrypted so that
> someone can't know my password just by looking at it.
>
> I am generally logged in and rarely log out of KDE. Also I have set time
> for wallet to close to around 500 mins, so that I don't have to provide
> password again and again. Now if I go away from my computer for say 5-10
> mins, and my wallet is open someone can see my password.

  This is impossible to prevent.  No matter what scheme you come up with, I 
can always make a 30 second hack for it.  That's why the keys are hidden by 
default - visual hiding to avoid "accidents" is the best that can be done.

Comment 2 Christian Loose 2004-04-22 15:20:02 UTC
I would like to add my anti-vote. 

If you're afraid that someone might steal your password while you go away, you can always lock your screen. IMHO it's okay the way it is.

Thanks George for KWallet. :)

Christian
Comment 3 George Staikos 2004-04-22 17:07:51 UTC
Sorry, this is basically impossible to "fix".
Comment 4 Nilesh Bansal 2004-04-22 20:47:20 UTC
> No matter what scheme you come up with, I
> can always make a 30 second hack for it

You are not getting what I am saying. Look from the perspective of a naive user, who doesn't know much about encryption and coding. But he can see what the passwd is if it is in clear text. Linux and KDE are no longer confined to developers and hackers.

A normal user doesn't lock his desktop very frequently. He is not concerned about security, and for him the most important thing is convenience (he should not need to enter passwd again and again same time). A user will not lock his desktop if he is going out for, say, 5 mins and some friend of his is sitting next to him.

kwallet is a great app, but we need to make it more usable. You cannot say to a user that "this is not the right way to do things", but instead a developer should look at how users use some application and based on that the application should be modified. The main principle of human-computer interaction is that a user should not change his way of working for some computer, but instead computers should change to suit user needs.

btw, thanks for such a great app kwallet.
Comment 5 Daniel Hahler 2005-04-17 04:51:26 UTC
Why not simply ask again for the wallet's password before showing passwords in clear text?

Like, when you check "Show values" it requests the password.

This way "accidents" like those described above cannot happen.