Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (Cyborg)
  • No Skin
Collapse
Brand Logo

CIRCLE WITH A DOT
  1. Home
  2. Uncategorized
  3. @kim_harding

@kim_harding

Scheduled Pinned Locked Moved Uncategorized
1 Posts 1 Posters 0 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • david_chisnall@infosec.exchangeD This user is from outside of this forum
    david_chisnall@infosec.exchangeD This user is from outside of this forum
    david_chisnall@infosec.exchange
    wrote last edited by
    #1

    @kim_harding

    I wish people would stop boosting this. It's a complete non-story.

    There are two different policies that browsers have:

    • Load passwords once, decrypt them, have them in memory.
    • Load passwords on demand, decrypt them, and have them in memory.

    In both approaches, the passwords are encrypted on disk, the key for decrypting them is in memory. An attacker who has the ability to dump memory to get the passwords in the first approach also has the ability to dump memory and get the decryption key in the latter approach. There is no threat model that the second approach depends on that the first does not.

    1 Reply Last reply
    1
    0
    • R relay@relay.infosec.exchange shared this topic
    Reply
    • Reply as topic
    Log in to reply
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes

    • Login
    • Login or register to search.
    • First post
      Last post
    0
    • Categories
    • Recent
    • Tags
    • Popular
    • World
    • Users
    • Groups