| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTi=Hv5uqEm0f1p-5crhFddeTHkbWFd-B9Xw6cXjn@mail.gmail.com> Date: Tue, 26 Oct 2010 19:57:40 +0200 From: Christian Sciberras <uuf6429@...il.com> To: coderman <coderman@...il.com> Cc: full-disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: Filezilla's silent caching of user's credentials Or just in plain text under your bed. *sigh* On Fri, Oct 22, 2010 at 8:51 AM, coderman <coderman@...il.com> wrote: > On Sat, Oct 16, 2010 at 7:52 PM, dave b <db.pub.mail@...il.com> wrote: >> ... >> This is always an issue... how do you keep passwords? > > you wrap the foundation in FDE with secure bootloader. <insert discuss > the complex trade-off's of this tangent to mutual satisfaction.> > > add a dash of privileged key memory representation manangement to seed > the application / domain level password authorized key utilization > within distinct. bonus points for capabilities model or well executed > rule base. > > crypted qubes with elegant structure of key management is beauty. > alas, key management is always crux and bleeds you... pick your > reactive or proactive blood letting wisely. > > > ... or ball point pen on personage. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists