On Tue, Jun 30, 2009 at 11:26:06AM -0500, Nicolas Williams wrote:
| On Mon, Jun 29, 2009 at 11:29:48PM -0700, Jacob Appelbaum wrote:
| This would be great if LoginWindow.app didn't store your unencrypted
| login and password in memory for your entire session (including screen
| lock, suspend to
Adam Shostack a...@homeport.org writes:
On Tue, Jun 30, 2009 at 11:26:06AM -0500, Nicolas Williams wrote:
| On Mon, Jun 29, 2009 at 11:29:48PM -0700, Jacob Appelbaum wrote:
| This would be great if LoginWindow.app didn't store your unencrypted
| login and password in memory for your entire
On Wed, Jul 01, 2009 at 11:03:13AM -0400, Adam Shostack wrote:
On Tue, Jun 30, 2009 at 11:26:06AM -0500, Nicolas Williams wrote:
| On Mon, Jun 29, 2009 at 11:29:48PM -0700, Jacob Appelbaum wrote:
| This would be great if LoginWindow.app didn't store your unencrypted
| login and password in
On Wed, Jul 01, 2009 at 12:32:40PM -0400, Perry E. Metzger wrote:
I think he's pointing out a more general problem.
Indeed. IIRC, the Mac keychain uses your login password as its passphrase
by default, which means that to keep your keychain unlocked requires
either keeping the password around
I should add that a hardware token/smartcard, would be even better, but
the same issue arises: keep it logged in, or prompt for the PIN every
time it's needed? If you keep it logged in then an attacker who
compromises the system will get to use the token, which I bet in
practice is only
On Wed, Jul 01, 2009 at 01:06:05PM -0500, Nicolas Williams wrote:
| On Wed, Jul 01, 2009 at 12:32:40PM -0400, Perry E. Metzger wrote:
| I think he's pointing out a more general problem.
|
| Indeed. IIRC, the Mac keychain uses your login password as its passphrase
| by default, which means that
On Wed, Jul 01, 2009 at 12:32:40PM -0400, Perry E. Metzger wrote:
|
| Adam Shostack a...@homeport.org writes:
| On Tue, Jun 30, 2009 at 11:26:06AM -0500, Nicolas Williams wrote:
| | On Mon, Jun 29, 2009 at 11:29:48PM -0700, Jacob Appelbaum wrote:
| | This would be great if LoginWindow.app
On 07/01/2009 02:10 PM, Nicolas Williams wrote:
I should add that a hardware token/smartcard, would be even better, but
the same issue arises: keep it logged in, or prompt for the PIN every
time it's needed? If you keep it logged in then an attacker who
compromises the system will get to use
On Jun 28, 2009, at 4:05 PM, Ivan Krstić wrote:
Does anyone have a recommended encrypted password storage program for
the mac?
System applications and non-broken 3rd party applications on OS X
store credentials in Keychain, which is a system facility for
keeping secrets. Your user keychain
Ivan Krsti? wrote:
On Jun 27, 2009, at 6:57 PM, Perry E. Metzger wrote:
Does anyone have a recommended encrypted password storage program for
the mac?
System applications and non-broken 3rd party applications on OS X store
credentials in Keychain, which is a system facility for keeping
On Mon, Jun 29, 2009 at 11:29:48PM -0700, Jacob Appelbaum wrote:
This would be great if LoginWindow.app didn't store your unencrypted
login and password in memory for your entire session (including screen
lock, suspend to ram and hibernate).
For what it's worth this only happens at login and
On Mon, Jun 29, 2009 at 11:29:48PM -0700, Jacob Appelbaum wrote:
This would be great if LoginWindow.app didn't store your unencrypted
login and password in memory for your entire session (including screen
lock, suspend to ram and hibernate).
I keep hearing that Apple will close my bug about
Does anyone have a recommended encrypted password storage program for
the mac?
Perry
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
I use 1Password, and I've been very happy. Good integration with the
iPhone.
http://agilewebsolutions.com/products/1Password
-Bob
On Jun 27, 2009, at 9:57 PM, Perry E. Metzger wrote:
Does anyone have a recommended encrypted password storage program for
the mac?
Perry
Bob Mahoney bob...@mit.edu writes:
Does anyone have a recommended encrypted password storage program for
the mac?
I use 1Password, and I've been very happy. Good integration with the
iPhone.
The fact that it isn't open source worries me a bit -- it means I can't
verify that it does things
On 28.06.2009, at 20:34, Perry E. Metzger wrote:
The fact that it isn't open source worries me a bit -- it means I
can't
verify that it does things correctly. Also, it integrates heavily with
lots of things, which makes me further worry about bugs. I'm looking
for
something very simple if
Thorsten Holz thorsten.h...@informatik.uni-mannheim.de writes:
On 28.06.2009, at 20:34, Perry E. Metzger wrote:
The fact that it isn't open source worries me a bit -- it means I
can't
verify that it does things correctly. Also, it integrates heavily with
lots of things, which makes me
On Jun 27, 2009, at 6:57 PM, Perry E. Metzger wrote:
Does anyone have a recommended encrypted password storage program for
the mac?
I would recommend the built-in keychain for anything that it works with.
Jon
-
Bill Frantz fra...@pwpconsult.com writes:
pe...@piermont.com (Perry E. Metzger) on Sunday, June 28, 2009 wrote:
It has problems. Among other things, it only mlocks your session key
itself into memory, leaving both the AES key schedule (oops!) and the
decrypted data (oops!) pageable into swap.
On Jun 27, 2009, at 6:57 PM, Perry E. Metzger wrote:
Does anyone have a recommended encrypted password storage program for
the mac?
System applications and non-broken 3rd party applications on OS X
store credentials in Keychain, which is a system facility for keeping
secrets. Your user
pe...@piermont.com (Perry E. Metzger) on Sunday, June 28, 2009 wrote:
It has problems. Among other things, it only mlocks your session key
itself into memory, leaving both the AES key schedule (oops!) and the
decrypted data (oops!) pageable into swap. (Why bother mlocking the text
of the key if
Jon Callas j...@callas.org writes:
On Jun 27, 2009, at 6:57 PM, Perry E. Metzger wrote:
Does anyone have a recommended encrypted password storage program for
the mac?
I would recommend the built-in keychain for anything that it works with.
There are some things it doesn't work with that are
On Sat, Jun 27, 2009 at 09:57:39PM -0400, Perry E. Metzger wrote:
Does anyone have a recommended encrypted password storage program for
the mac?
The PasswordSafe project also produces a Java variant PasswordSafeSWT
that seems to run well enough on OSX. It may be a large assumption, but
one
I'm using 1password, but mostly because of the UI, I haven't done a
cryptanalysis of it. the wifi sync to the iphone is a little
worrisome.
Adam
On Sat, Jun 27, 2009 at 09:57:39PM -0400, Perry E. Metzger wrote:
|
| Does anyone have a recommended encrypted password storage program for
| the
24 matches
Mail list logo