LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

STEED: End-to-end email encryption

STEED: End-to-end email encryption

Posted Oct 28, 2011 13:38 UTC (Fri) by nybble41 (subscriber, #55106)
In reply to: STEED: End-to-end email encryption by josh
Parent article: STEED: End-to-end email encryption

That works securely only if the password storage system itself is secure (e.g., does not run in the same account as the user's other programs) and the user is at least alerted (securely) when a program accesses the stored credentials. Otherwise any unprivileged local exploit would grant free access to all your passwords. Full-disk encryption, by itself, meets the first requirement, but not the second--once the disk is unlocked anything running in your account can read the password list.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds