![]() ![]() Also, if I want a password, there is no reason to decrypt all notes in the database in the RAM I just want a particular entry. This would allow keepass not to hand over secrets to OS for copy, etc. Keepass should negotiate a special OS privilege and prevent even OS interfering with its memory space (like an isolated VM). We have just seen how Reddit and Linkedin iOS apps capture the clipboards with every stroke.ĭata should remain encrypted in RAM until needed. Soon copies of passwords and notes appear everywhere and some programs will capture secrets. However, notes and passwords made visible, stay in plaintext in process memory even after the databas is closed. If I understood the post correctly, once you open a keepass database, the password field is encrypted in RAM. ![]() Would this occur in Linux also and keepassxc? I still use keepass and love Dominik, he is very transparent and all, he replied several times to people in sourceforge pointing this issue, but I'd like this issue to be more known and not hidden by the community. Now, I know that technically It isn't really keepass fault but windows, that's why I'm not blaming Dominik for it, but in my opinion this is still an issue that is definitely worth mentioning on his "Security issues" web page. Even, If windows doesn't cache these passwords, It's still annoying because an attacker can AT THE VERY LEAST, access it a few hours after closing your database. It is kind of dangerous, because windows can cache these passwords somewhere else, allowing an attacker to access your passwords a long time after closing it. Unfortunately, keepass fails to prevent windows from making a copy of your passwords in memory. Preventing a thief or someone seizing your computer from accessing your passwords, when the database is locked/closed.Preventing people from accessing your passwords without compromising your computer (NOT sending your passwords over the internet without your consent, NOT autofilling your passwords in malicious hidden forms, no security flaw allowing to easily decrypt.From a security point of view, keepass only has two duties: ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |