Re: Chaniging focus: security ouitside a password manager (was: Re: Password Manager opinions and recommendations)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, Apr 02, 2018 at 09:07:16AM -0400, rhkramer@gmail.com wrote:
> Just continuing to think (or maybe not think ;-) about password managers /
[...]
I don't know of the others (I never felt the need for a PW manager
myself) but...
> * during hibernation (or maybe suspend and resume): (I use neither at the
> present time, but, one stores the machine's state (including RAM) to disk, the
> other stores the (CPU) state to RAM while preserving the other contents of
> RAM.) Hibernation could result in the plaintext of passwords being stored on
> disk while the power is off, making the plaintext passwords vulnurable if the
> machine is stolen.
...that would be why, should you suspend to disk and care about privacy,
you'd put your swap onto an encrypted partition (not only passwords are
vulnerable -- many things in RAM like unlocked private keys, session keys
etc. are potential targets).
Cheers
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlrCLNwACgkQBcgs9XrR2kYOOACePFCCOvj4GdwrZ2izKq9rO2cF
/2sAn11O8aeEMHFvsNO/buej8yWfVmpP
=WHsE
-----END PGP SIGNATURE-----
Reply to: