On Thursday, April 03, 2014 08:42:32 PM Michael Pyne wrote:
> On Fri, April 4, 2014 02:20:28 Valentin Rusu wrote:
> > On Sunday, March 30, 2014 05:25:58 PM Michael Pyne wrote:
> > > In fact the list of folders and keys present in KWallet (though
> > > not their values) can be queried without unlocking KWallet, or even
> > > causing it to prompt to unlock.
> >
> > Could you please elaborate more on the possibility to enumerate the keys
> > without opening the wallet?
>
> From the KWallet::Wallet API docs:

That's right, folder and entry names can be queried. However, KWallet data is
entirely encrypted in the .kwl files. Only folder and entry name hashes are
stored as-is, when using the classic backend. If using the GPG backend, all of
the file contents are encrypted using QGPGME.

> > bool Wallet::keyDoesNotExist(...):
> >
> > Determine if an entry in a folder does not exist in a wallet.
> >
> > This does not require decryption of the wallet. This is a handy
> > optimization to avoid prompting the user if your data is certainly not in
> > the wallet.
>
> Wallet::folderDoesNotExist() has similar verbiage.
>
> "enumerating" is overstating the case here since there's no direct support
> for enumerating folders or keys. But all the same, it's not hard at all to
> brute-force potential folder or key names using the same method used to
> guess valid Coinbase user identities that just hit the news.
>
> Of course if an attacker is running code they'd probably just find it easier
> to open the .kwl directly and read the folder and key names, since
> apparently those are stored unencrypted, if the API docs are to be
> believed.

Only folder and entry name hashes are to be found in the classic format .kwl
file, as I described above. GPG wallets, on the other hand, are entirely
encrypted.

> Note that there is a valid use case for this feature: It would be
> tremendously annoying for a user to have to open their wallet just so an
> application can verify if it does or does not have an entry stored in the
> wallet. Instead the application can defer opening the wallet (and forcing
> the password prompt) until the value is actually needed.

Well, that's true. That's why kwalletd compares key and folder names by hash
value, for the classic backend. With GPG, the wallet is literally opened then
queried. This won't prompt the password dialog though, courtesy of gpg-agent.

-- 
Valentin Rusu
irc: valir
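A simplified model of the hash-based existence check discussed in this thread, added here as an illustration; it is not code from kwalletd or from either poster. It shows what an index of plain name hashes answers without any password, with a keyed index for contrast. SHA-256, the ModelWallet class, the helper names and the sample entries are all assumptions made for the example.

```python
import hashlib
import hmac


def name_hash(name: str) -> bytes:
    # Assumption: SHA-256 stands in for the classic backend's name digest.
    return hashlib.sha256(name.encode("utf-8")).digest()


class ModelWallet:
    """Toy model: values are opaque ciphertext, names are indexed by plain hash."""

    def __init__(self):
        self.index = {}  # name_hash(folder) -> {name_hash(key): ciphertext}

    def store(self, folder: str, key: str, ciphertext: bytes) -> None:
        self.index.setdefault(name_hash(folder), {})[name_hash(key)] = ciphertext

    def folder_does_not_exist(self, folder: str) -> bool:
        return name_hash(folder) not in self.index

    def key_does_not_exist(self, folder: str, key: str) -> bool:
        # No password or decryption involved: only hashes are compared.
        return name_hash(key) not in self.index.get(name_hash(folder), {})


def names_confirmed(wallet, folder, candidates):
    """Candidate entry names that the unkeyed index confirms as present."""
    return [c for c in candidates if not wallet.key_does_not_exist(folder, c)]


def keyed_name_hash(index_key: bytes, name: str) -> bytes:
    # Contrast: an HMAC index cannot be tested without index_key, but then
    # the "check without unlocking" convenience is lost as well.
    return hmac.new(index_key, name.encode("utf-8"), hashlib.sha256).digest()


def build_sample_wallet() -> ModelWallet:
    # Constructed sample data, not real wallet contents.
    w = ModelWallet()
    w.store("Mail", "alice@example.org", b"\x00opaque-ciphertext")
    return w


if __name__ == "__main__":
    w = build_sample_wallet()
    print(names_confirmed(w, "Mail", ["bob@example.org", "alice@example.org"]))
    print(w.key_does_not_exist("Mail", "carol@example.org"))
```

For application authors the practical consequence is to treat folder and entry names as metadata that a plain hash index does not hide, and to keep sensitive identifiers in the encrypted entry value.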