User: Password:
|
|
Subscribe / Log in / New account

STEED: End-to-end email encryption

STEED: End-to-end email encryption

Posted Oct 28, 2011 13:38 UTC (Fri) by nybble41 (subscriber, #55106)
In reply to: STEED: End-to-end email encryption by josh
Parent article: STEED: End-to-end email encryption

That works securely only if the password storage system itself is secure (e.g., does not run in the same account as the user's other programs) and the user is at least alerted (securely) when a program accesses the stored credentials. Otherwise any unprivileged local exploit would grant free access to all your passwords. Full-disk encryption, by itself, meets the first requirement, but not the second--once the disk is unlocked anything running in your account can read the password list.


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds