https://bugs.kde.org/show_bug.cgi?id=385984

--- Comment #2 from cryptod...@libertymail.net ---
I'm all for taking security seriously; maybe it's good to take a look at the
threat assessment for these kinds of FUSE mounts.

We obviously want to make sure that users that are not 'us' do not have access
to either the encrypted or decrypted files. Definitely not the decrypted,
obviously. Not giving access to the encrypted files is easy with filesystem
permissions, and as such it gives us protection against brute-forcing.

The exception to this is the administrator (aka root). But we have to be honest
here, root can install keystroke-loggers, change plasma-vault to one that just
writes the password to a file and anything else you can come up with.
Protecting against root is useless.

Protecting against non-root users is actually pretty easy: just make sure that
the vault is read-protected (chmod 700) and you are good.


With these facts, I'm personally absolutely fine that as long as I'm personally
sitting behind my system, the vault is open. I honestly see no security
implications doing otherwise.


Your workflow doesn't reflect mine; I often switch activities just for a couple
of seconds to check on the progress of something, for instance. (I have an
activity for all my virtual machines, for instance, where I may install a piece
of software or do a system upgrade).


When you write:
"Vaults are meant to be smaller containers that should be open for as short as
possible."

I'm hoping you can make that a little more flexible to allow this software to
be used by more people who don't all work the same way you do.

For instance, I worked in my vault for most of the day yesterday, working on some
data files and then some Scribus files to print those to a PDF. The vault was
open for at least 6 hours. And it's giving me peace of mind that they are
still "locked up" today.

Thanks!
