STEED: End-to-end email encryption

Posted Oct 28, 2011 10:58 UTC (Fri) by josh (subscriber, #17465)
Parent article: STEED: End-to-end email encryption

Passphrase management does not seem like a particularly hard problem. Users shouldn't need to have more than one password: the one which unlocks their password storage system. (In my case, that password decrypts my hard drive, and everything else follows from that.)


STEED: End-to-end email encryption

Posted Oct 28, 2011 13:38 UTC (Fri) by nybble41 (subscriber, #55106)

That works securely only if the password storage system itself is secure (e.g., does not run in the same account as the user's other programs) and the user is at least alerted (securely) when a program accesses the stored credentials. Otherwise any unprivileged local exploit would grant free access to all your passwords. Full-disk encryption, by itself, meets the first requirement, but not the second--once the disk is unlocked anything running in your account can read the password list.
