![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1154663
http://bugzilla.opensuse.org/show_bug.cgi?id=1154663#c6
--- Comment #6 from kolA flash
pam_kwallet is a huge step ahead in safety and usability. For example everyone using openSUSE on a notebook will probably store the wifi passwords safely in kwallet. But entering the user password twice on login is just senseless. (actually KWallet might not just be used for wifi, but for a lot more like ssh passphrases)
That's the usability aspect, but not the safety one.
Actually alternatively people may store passwords in plaintext. And so it becomes an security aspect.
And I suggest to simply default to blowfish. At least that's what the native KDE distro "Neon" does. https://neon.kde.org
The distro which installed and enabled pam_kwallet by default before looking at the code, which was so bad it allowed everyone to become root? Not a great example...
Point taken.
Configuring GPG is also little more work and maybe not something every KDE user wants to do. So by default there should be simply a KWallet being created with blowfish and made accessible via pam_kwallet. I think that's by far the best choice for inceasing security and usability.
I agree that making blowfish the default option is worth considering, but not hiding the choice altogether. This choice needs to be made upstream by KWallet devs though, not here in openSUSE.
Just created a ticket: https://bugs.kde.org/show_bug.cgi?id=413314
pam_kwallet should not be installed by default, as using it means that the wallet has to be unlocked permanently after login, exposing all contents over DBus, even after locking the screen, suspend, etc.
That's a point. But the resulting user experience - especially regarding using encrypted wifi's - is really bad. Any other ideas how to solve this!? -- You are receiving this mail because: You are on the CC list for the bug.