ST Alpha - "I read through this last week, and while all of it is a bit too technical for me, the unencrypted part is very concerning." (Reading a Post)

SlickerTalk
Search Archives
The Leaderboard
The FAQ

Down to Post

Backboards:

Posts: 153

In response to "Once I put together that they either knew the lockers were stolen and waited until no one was paying attention to announce it or *didn't* know for " by spamlet

I read through this last week, and while all of it is a bit too technical for me, the unencrypted part is very concerning.

Posted by JaxSean (aka JaxSean) Jan 3 '23, 11:23

"Your vault encryption key always resident in memory and never wiped, and not only that, but the entire vault is decrypted once and stored entirely in memory. If that wasn't enough, the vault recovery key and dOTP are stored on each device in plain text and can be read without root/admin access, rendering the master password rather useless."

https://infosec.exchange/@epixoip/109585049354200263 (infosec.exchange)

Post by @[email protected]

View on Mastodon

Responses:

Yeah, I read that and a fair amount of the other commentary. He's not wrong about not wanting to support them further. Some of the concerns aren't -- (edited) - oblique Jan 3, 11:46

Post a message top

I read through this last week, and while all of it is a bit too technical for me, the unencrypted part is very concerning.

Replies are disabled on threads older than 7 days.