Re: Chaniging focus: security ouitside a password manager
- Date: Tue, 3 Apr 2018 07:47:57 -0400
- From: rhkramer@xxxxxxxxx
- Subject: Re: Chaniging focus: security ouitside a password manager
On Tuesday, April 03, 2018 01:50:45 AM Richard Hector wrote:
> On 03/04/18 01:07, rhkramer@xxxxxxxxx wrote:
> > the plaintext passwords would
> > disappear from RAM (except to the extent that (iiuc) there are (NSA) ways
> > to recover the contents of RAM if power is restored to the machine
> > fairly quickly).
> I'm not sure you actually need to be the NSA for that. Anything you can
> plug in that can do DMA can probably do it - firewire is one option, but
> for something with PCI(e) or other slots you could probably plug in a
> special card (or maybe just a firewire card). I think the RAM will
> persist for a few minutes at least.
Yes, I'm sure you're right--or at least for some number of seconds--I guess I
could look up the refresh timing requirement for a modern RAM chip, that would
probably give an order of magnitude figure, and with safety factors that are
surely built in, that figure could be multiplied by two or more.