On Mon, Jun 29, 2009 at 11:29:48PM -0700, Jacob Appelbaum wrote: > This would be great if LoginWindow.app didn't store your unencrypted > login and password in memory for your entire session (including screen > lock, suspend to ram and hibernate).
For what it's worth this only happens at login and doesn't reopen when unlocking the screen. I have conditioned myself to lock my keychain upon login and see no ill effects; there still remains the question of whether locking a keychain actually does anything to wipe the credentials from memory. As an aside, I was wrong about the discontinuation of the SWT PasswordSafe. It seems the passwordsafe team split it off as a separate project, available at http://sourceforge.net/projects/jpwsafe. That said, their latest release doesn't work out of the box on Leopard due to their bundling a 32-bit version of SWT. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [email protected]
