Re: Chaniging focus: security ouitside a password manager

To: debian-user@lists.debian.org
Subject: Re: Chaniging focus: security ouitside a password manager
From: rhkramer@gmail.com
Date: Tue, 3 Apr 2018 07:47:57 -0400
Message-id: <[🔎] 201804030747.57383.rhkramer@gmail.com>
In-reply-to: <[🔎] 31806f43-f301-501c-9086-bc348f83d5bf@walnut.gen.nz>
References: <201803251152.13825.rhkramer@gmail.com> <[🔎] 201804020907.16879.rhkramer@gmail.com> <[🔎] 31806f43-f301-501c-9086-bc348f83d5bf@walnut.gen.nz>

On Tuesday, April 03, 2018 01:50:45 AM Richard Hector wrote:
> On 03/04/18 01:07, rhkramer@gmail.com wrote:
> > the plaintext passwords would
> > disappear from RAM (except to the extent that (iiuc) there are (NSA) ways
> > to recover the contents of RAM if power is restored to the machine
> > fairly quickly).
> 
> I'm not sure you actually need to be the NSA for that. Anything you can
> plug in that can do DMA can probably do it - firewire is one option, but
> for something with PCI(e) or other slots you could probably plug in a
> special card (or maybe just a firewire card). I think the RAM will
> persist for a few minutes at least.

Yes, I'm sure you're right--or at least for some number of seconds--I guess I 
could look up the refresh timing requirement for a modern RAM chip, that would 
probably give an order of magnitude figure, and with safety factors that are 
surely built in, that figure could be multiplied by two or more.

Reply to:

References:
- Chaniging focus: security ouitside a password manager (was: Re: Password Manager opinions and recommendations)
  - From: rhkramer@gmail.com
- Re: Chaniging focus: security ouitside a password manager
  - From: Richard Hector <richard@walnut.gen.nz>

Prev by Date: Re: Invalid UTF-8 byte? (was: Re: utf)
Next by Date: Re: Invalid UTF-8 byte? (was: Re: utf)
Previous by thread: Re: Chaniging focus: security ouitside a password manager
Next by thread: Re: Chaniging focus: security ouitside a password manager
Index(es):
- Date
- Thread