> On Feb. 7, 2014, 5:14 a.m., Michael Pyne wrote: > > kwalletd/backend/kwalletbackend.cc, line 387 > > <https://git.reviewboard.kde.org/r/115497/diff/1-2/?file=242022#file242022line387> > > > > Again, might want to add error-checking here. If the salt can't be > > saved for whatever reason then we don't want to destroy an existing > > old-style wallet by mistake. > > > > It looks like it would be as simple as returning an empty QByteArray if > > an error is detected.
The check is done in Backend::setPassword, if the resulting salt is empty then we do not use the new hash. In Backend::createAndSaveSalt I'm not sure I can add any extra check besides the return of QIODevice::write, but if that files you have bigger problems... Also from what I see in gcrypt code gcry_random_bytes can't return null, it doesn't seem to have any error reporting. - Àlex ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/115497/#review49163 ----------------------------------------------------------- On Feb. 6, 2014, 3:28 p.m., Àlex Fiestas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://git.reviewboard.kde.org/r/115497/ > ----------------------------------------------------------- > > (Updated Feb. 6, 2014, 3:28 p.m.) > > > Review request for KDE Runtime, Teo Mrnjavac and Valentin Rusu. > > > Repository: kde-runtime > > > Description > ------- > > Uses the MINOR_VERSION (which until now it was 0) to upgrade the hash from > SHA to PBKDF2-SHA512+salt. > I would have loved to completely replace it once the wallet is ported to the > new hashing but because > of kwalletd code that is not possible without a bigger rewrite. > > There are 2 reasons for this patch: > 1-We avoid using our own implementation of SHA > 2-We use a modern hashing technique > > I'm cooking more patches to use the system user password to open the wallet, > we want that password to be > hashed using PBKDF2_SHA512 for security reasons. > > > Diffs > ----- > > CMakeLists.txt 275a6c7 > cmake/modules/FindLibGcrypt.cmake PRE-CREATION > kwalletd/backend/CMakeLists.txt 5a5837c > kwalletd/backend/backendpersisthandler.cpp bdef6ca > kwalletd/backend/kwalletbackend.h 83ebf7f > kwalletd/backend/kwalletbackend.cc e4d461c > > Diff: https://git.reviewboard.kde.org/r/115497/diff/ > > > Testing > ------- > > > Thanks, > > Àlex Fiestas > >