[144542] in cryptography@c2.net mail archive
Re: password safes for mac
daemon@ATHENA.MIT.EDU (schism@subverted.org)
Wed Jul 1 00:52:12 2009
Date: Tue, 30 Jun 2009 10:34:12 -0600
From: schism@subverted.org
To: cryptography@metzdowd.com
In-Reply-To: <4A49B0DC.4060503@appelbaum.net>
On Mon, Jun 29, 2009 at 11:29:48PM -0700, Jacob Appelbaum wrote:
> This would be great if LoginWindow.app didn't store your unencrypted
> login and password in memory for your entire session (including screen
> lock, suspend to ram and hibernate).
For what it's worth this only happens at login and doesn't reopen when
unlocking the screen. I have conditioned myself to lock my keychain
upon login and see no ill effects; there still remains the question of
whether locking a keychain actually does anything to wipe the
credentials from memory.
As an aside, I was wrong about the discontinuation of the SWT
PasswordSafe. It seems the passwordsafe team split it off as a separate
project, available at http://sourceforge.net/projects/jpwsafe. That
said, their latest release doesn't work out of the box on Leopard due to
their bundling a 32-bit version of SWT.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
