Web lists-archives.com

Re: Chaniging focus: security ouitside a password manager




On 4/3/18, Richard Hector <richard@xxxxxxxxxxxxx> wrote:
> On 03/04/18 01:07, rhkramer@xxxxxxxxx wrote:
>> the plaintext passwords would
>> disappear from RAM (except to the extent that (iiuc) there are (NSA) ways
>> to
>> recover the contents of RAM if power is restored to the machine fairly
>> quickly).
>
> I'm not sure you actually need to be the NSA for that. Anything you can
> plug in that can do DMA can probably do it - firewire is one option, but
> for something with PCI(e) or other slots you could probably plug in a
> special card (or maybe just a firewire card). I think the RAM will
> persist for a few minutes at least.


Speaking firsthand, for those worried that much about the possibility,
one thing is to add more than ample memory so that RAM has some place
to go quickly.

Just yesterday, my RAM was still *maxxed out* a half hour or so after
I logged back in from having been away from the computer. THAT was
because hardware memory was maxxed out k/t 320+ open (although not
active) browser tabs. It hadn't crossed my mind as to potential
negative consequences of RAM just hanging there until reading the
above.

Am working on my personal lack of enough (computer) memory issue, but
in the meantime, its glass half full side is that it shows what can
and does happen timely to what's being chatted here. Chalked it up on
the win side. :)

Cindy :)
-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with duct tape *