[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Clear text passwords in memory



All of these asides, while amusing, do not preclude the fact that
these different daemons/clients _should_ be wiping the password memory
space when they are done with the information :) If nothing else, it'd
suck to have a ssh client free'd and have another user's process grab
it, and read the memory (although I don't know much about the
possibility of this)

jeff

> >Root can run a tty watcher and thus see your password as you type
> >it if he/she really wants to.  So yes, Theo is correct.  You can
> >encrypt whatever you like but the fact of the matter is that anything
> >can still be intercepted at the tty level with root privileges.
> 
>      Why go that far. Trojan the stinking binary.
> 
>      -Bob