> > How does KWallet encrypt if no password has been set? > About as badly as one would expect. It does still generate a hash which it uses for encryption. What kwalletd does is try whether it can open a wallet with an empty password first (thus generating the same hash) and ask for one to be entered if it can't.
Obviously running with an empty password isn't really for the security- minded, but the distributions in question feel like this is the better default for their user experience. At least the user can still set a password later. Cheers, Eike
