Hacker News new | past | comments | ask | show | jobs | submit login

I thought that it did now. For example this PR: https://github.com/keepassxreboot/keepassxc/pull/3020

Edit: Also, see this PR: https://github.com/keepassxreboot/keepassxc/pull/371




https://github.com/keepassxreboot/keepassxc/issues/2718#issu...

I'd guess it's this one:

> KeePassXC also cannot prevent data extraction from a hibernation file which stores your computer's memory to disk when going to sleep.

KeePass uses DPAPI so password-storage memory is not written to swap (and I guess hibernatefile) in cleartext. Note that this doesn't protect against reading the memory directly[0].

Though (on unices) it doesn't mention mlock(2) either.

[0] https://www.securityevaluators.com/casestudies/password-mana... subsection "Exposure of Cleartext Entries in Memory" of the Keepass section


Thanks for pointing out. Nice to see progress in this direction.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: