This is an issue for the PAM stack, not for xscreensaver. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to xscreensaver in Ubuntu. https://bugs.launchpad.net/bugs/1224724
Title: Option to overwrite encryption key in memory on locking Status in xscreensaver package in Ubuntu: New Bug description: I'm using Ubuntu 13.10 dev with xscreensaver 5.15-3ubuntu1. If the filesystem is encrypted (for example with ecryptfs) and the screen is locked the encryption key still resides in memory. Anybody with physical access could make a cold boot attack to get this key. The only solution is to logout from all instances so that the encryption key gets overriden. xscreensaver could provide an option to override this key too on locking the screen. The key will then be recovered if the user unlocks the screen with entering his password. But this has one disadvantage: As the user session is still open any running application could try to access the non-readable-anymore user directory. Normally nothing special should happen but applications with programming errors could crash. But if this happens it will be resolved in the future. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xscreensaver/+bug/1224724/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
