
Re: Changing focus: security outside a password manager (was: Re: Password Manager opinions and recommendations)




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Apr 02, 2018 at 09:07:16AM -0400, rhkramer@xxxxxxxxx wrote:
> Just continuing to think (or maybe not think ;-) about password managers /  

[...]

I don't know of the others (I never felt the need for a PW manager
myself) but...

>    * during hibernation (or maybe suspend and resume): (I use neither at the 
> present time, but, one stores the machine's state (including RAM) to disk, the 
> other stores the (CPU) state to RAM while preserving the other contents of 
> RAM.)  Hibernation could result in the plaintext of passwords being stored on 
> disk while the power is off, making the plaintext passwords vulnerable if the 
> machine is stolen.

...that would be why, should you suspend to disk and care about privacy,
you'd put your swap onto an encrypted partition (not only passwords are
vulnerable -- many things in RAM like unlocked private keys, session keys
etc. are potential targets).

Cheers
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlrCLNwACgkQBcgs9XrR2kYOOACePFCCOvj4GdwrZ2izKq9rO2cF
/2sAn11O8aeEMHFvsNO/buej8yWfVmpP
=WHsE
-----END PGP SIGNATURE-----
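
One way to check the point made in the reply above, as an added example that is not part of the original message: a script that reports whether each active swap area sits on a dm-crypt mapping. The function names are hypothetical, and it assumes the mappings were created by cryptsetup, which gives them a device-mapper UUID beginning with "CRYPT-".

```shell
#!/bin/sh
# Added example: report whether each active swap area sits on dm-crypt.
# Function names are hypothetical. Paths are parameters so the logic can be
# exercised on constructed fixtures; defaults are the live kernel files.

# is_crypt_backed NAME [SYSFS]: succeed if block device NAME (e.g. dm-1) is a
# dm-crypt mapping or is stacked (LVM, for instance) on top of one.
is_crypt_backed() {
    name=$1; sysfs=${2:-/sys/class/block}
    # cryptsetup gives its mappings a device-mapper UUID starting "CRYPT-"
    if [ -r "$sysfs/$name/dm/uuid" ]; then
        case $(cat "$sysfs/$name/dm/uuid") in CRYPT-*) return 0 ;; esac
    fi
    # otherwise look at the devices this one is built on
    for slave in "$sysfs/$name"/slaves/*; do
        [ -e "$slave" ] || continue
        is_crypt_backed "$(basename "$slave")" "$sysfs" && return 0
    done
    return 1
}

# audit_swaps [SWAPS_FILE] [SYSFS]: print "<device> <verdict>" per swap area.
audit_swaps() {
    swaps=${1:-/proc/swaps}; root=${2:-/sys/class/block}
    # first line of /proc/swaps is the header: Filename Type Size Used Priority
    tail -n +2 "$swaps" | while read -r dev kind _rest; do
        case $kind in
            partition)
                real=$(readlink -f "$dev" 2>/dev/null) || true
                [ -n "$real" ] || real=$dev
                if is_crypt_backed "$(basename "$real")" "$root"; then
                    echo "$dev encrypted"
                else
                    echo "$dev plaintext"
                fi ;;
            # swap files need the filesystem's own device checked instead
            *)  echo "$dev unchecked" ;;
        esac
    done
}
```

On a live system, call `audit_swaps` with no arguments; any line ending in "plaintext" is a swap area whose contents would be readable from the disk after a suspend to disk.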