Comment on Edge may reportedly leak all your passwords easily and Microsoft says it's "by design"
possiblylinux127@lemmy.zip 3 weeks ago
This requires reading application memory
Comment on Edge may reportedly leak all your passwords easily and Microsoft says it's "by design"
possiblylinux127@lemmy.zip 3 weeks ago
This requires reading application memory
kogasa@programming.dev 3 weeks ago
Seems like a pretty basic security precaution to avoid loading decrypted secrets into memory before they’re needed. Someone who can access application memory can already own you but there isn’t really a good reason why they should be able to access secrets that you never accessed while they were in.
possiblylinux127@lemmy.zip 3 weeks ago
At some point they will need to be decrypted anyway
I think this was done for performance and simplicity
kogasa@programming.dev 3 weeks ago
Yep, and at that point they will be in memory until a reasonable time to clean up. But decrypting the whole password database and leaving it there forever seems needlessly unsafe.