Date: Tue, 21 Aug 2012 15:50:13 -0400 From: Rich Rumble <richrumble@...il.com> To: john-users@...ts.openwall.com Subject: Re: Arstechnica Password article (feat. Matt Weir) On Tue, Aug 21, 2012 at 3:16 PM, Jeffrey Goldberg <jeffrey@...dmark.org> wrote: > Not everyone likes or agrees with the approach that we have taken, but people looking for password managers also have this choice in which password manager architecture they want. Do any password managers use "keyfiles" like TrueCrypt or FreeOTFE do, so as to to avoid keyloggers? I love using passwords plus keyfiles, I think of them as a captcha I never have to read :) I'm sure a rootkit/malware could also keep track of the keyfile that was used, but until that become a more popular "2nd factor" I don't see it happening. Thwarting keyfiles or other 2nd factors one would just wait until the password manager is unlocked and grab the PT from the memory section and parse it out(however that would work). I guess in the end there are always risks and tradeoffs to each service/software, you just have to pick the ones you think offer the best tradeoff's for you and yours. -rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.