Date: prev next · Thread: first prev next last
2012 Archives by date, by thread · List index


On 23/08/12 22:15, Tor Lillqvist wrote:
But if the password is used to load or save encrypted documents, then
the contents of the document (which the so carefully erased password
protects) is loaded into memory in plain-text, and is equally readable
by an adversary that has access to the virtual memory of your process,
and might get paged out to disk. So what's the win?

that is true for the document that is protected by the password.
but in practice that same password may not only give access to that one
document, but also let an attacker do other nefarious things like log on
to twitter and impersonate the user's cat.



Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.