Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 21 Aug 2012 15:50:13 -0400
From: Rich Rumble <>
Subject: Re: Arstechnica Password article (feat. Matt Weir)

On Tue, Aug 21, 2012 at 3:16 PM, Jeffrey Goldberg <> wrote:
> Not everyone likes or agrees with the approach that we have taken, but people looking for password managers also have this choice in which password manager architecture they want.
Do any password managers use "keyfiles" like TrueCrypt or FreeOTFE do,
so as to to avoid keyloggers? I love using passwords plus keyfiles, I
think of them as a captcha I never have to read :) I'm sure a
rootkit/malware could also keep track of the keyfile that was used,
but until that become a more popular "2nd factor" I don't see it
happening. Thwarting keyfiles or other 2nd factors one would just wait
until the password manager is unlocked and grab the PT from the memory
section and parse it out(however that would work). I guess in the end
there are always risks and tradeoffs to each service/software, you
just have to pick the ones you think offer the best tradeoff's for you
and yours.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.