Web lists-archives.com

Re: Chaniging focus: security ouitside a password manager




On Tuesday, April 03, 2018 01:50:45 AM Richard Hector wrote:
> On 03/04/18 01:07, rhkramer@xxxxxxxxx wrote:
> > the plaintext passwords would
> > disappear from RAM (except to the extent that (iiuc) there are (NSA) ways
> > to recover the contents of RAM if power is restored to the machine
> > fairly quickly).
> 
> I'm not sure you actually need to be the NSA for that. Anything you can
> plug in that can do DMA can probably do it - firewire is one option, but
> for something with PCI(e) or other slots you could probably plug in a
> special card (or maybe just a firewire card). I think the RAM will
> persist for a few minutes at least.

Yes, I'm sure you're right--or at least for some number of seconds--I guess I 
could look up the refresh timing requirement for a modern RAM chip, that would 
probably give an order of magnitude figure, and with safety factors that are 
surely built in, that figure could be multiplied by two or more.