[144546] in cryptography@c2.net mail archive
Re: password safes for mac
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Wed Jul 1 12:35:29 2009
To: Adam Shostack <adam@homeport.org>
Cc: Nicolas Williams <Nicolas.Williams@sun.com>,
Jacob Appelbaum <jacob@appelbaum.net>,
Ivan Krsti?? <krstic@solarsail.hcs.harvard.edu>,
cryptography@metzdowd.com
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 01 Jul 2009 12:32:40 -0400
In-Reply-To: <20090701150313.GA25352@homeport.org> (Adam Shostack's message of "Wed\, 1 Jul 2009 11\:03\:13 -0400")
Adam Shostack <adam@homeport.org> writes:
> On Tue, Jun 30, 2009 at 11:26:06AM -0500, Nicolas Williams wrote:
> | On Mon, Jun 29, 2009 at 11:29:48PM -0700, Jacob Appelbaum wrote:
> | > This would be great if LoginWindow.app didn't store your unencrypted
> | > login and password in memory for your entire session (including screen
> | > lock, suspend to ram and hibernate).
> | >
> | > I keep hearing that Apple will close my bug about this and they keep
> | > delaying. I guess they use the credentials in memory for some things
> | > where they don't want to bother the user (!) but they still want to be
> | > able to elevate privileges.
> |
> | Suppose a user's Kerberos credentials are about to expire. What to do?
>
> What fraction of mac users are using Kerberos?
I think he's pointing out a more general problem.
--
Perry E. Metzger perry@piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
