Author Topic: Encrypted memory storage  (Read 5136 times)

Offline Miquel 'Fire' Burns

  • Administrator
  • *****
  • Posts: 1157
  • Programmer
Encrypted memory storage
« on: September 21, 2005, 03:07:31 AM »
I know that when you choose to store the master password into memory, the program says the password is encrypted, but what about the value of the password field (which is always in memory when the dialog is open actually), do you happen to handle that at all?
"I'm not drunk, just sleep deprived."

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Encrypted memory storage
« Reply #1 on: September 21, 2005, 03:24:12 AM »
Internally in memory, the PasswordMaker Browser Extension stores the master password encrypted. However, whenever it must display the master password, the master password is decrypted. Unfortunately, there is no way around this. The PasswordMaker Browser Extension does its best to proactively clear sensitive memory after it is needed, but this is not fool-proof. If someone were to:and know where to look, he likely could find the master password (decrypted).

Just as there are no guarantees in life, the same is true with PasswordMaker :)

Let me know if you have other questions,
Eric
« Last Edit: September 21, 2005, 03:25:02 AM by Eric H. Jung »

PasswordMaker Forums

Encrypted memory storage
« Reply #1 on: September 21, 2005, 03:24:12 AM »