pam_kwallet is a huge step ahead in safety and usability. For example everyone using openSUSE on a notebook will probably store the wifi passwords safely in kwallet. But entering the user password twice on login is just senseless. (actually KWallet might not just be used for wifi, but for a lot more like ssh
http://bugzilla.opensuse.org/show_bug.cgi?id=1154663
http://bugzilla.opensuse.org/show_bug.cgi?id=1154663#c5
Fabian Vogt
And I suggest to simply default to blowfish. At least that's what the native KDE distro "Neon" does. https://neon.kde.org
The distro which installed and enabled pam_kwallet by default before looking at the code, which was so bad it allowed everyone to become root? Not a great example...
Configuring GPG is also little more work and maybe not something every KDE user wants to do. So by default there should be simply a KWallet being created with blowfish and made accessible via pam_kwallet. I think that's by far the best choice for inceasing security and usability.
I agree that making blowfish the default option is worth considering, but not hiding the choice altogether. This choice needs to be made upstream by KWallet devs though, not here in openSUSE. pam_kwallet should not be installed by default, as using it means that the wallet has to be unlocked permanently after login, exposing all contents over DBus, even after locking the screen, suspend, etc. -- You are receiving this mail because: You are on the CC list for the bug.