Direkt zum Hauptbereich

Posts

Posts mit dem Label "clear text" werden angezeigt.

Password Manager Security?

Some months have passed since the german IT news platform golem.de published an article reporting that password managers keep the passwords in memory unencrytped. Today I took the chance to make me my own picture of the problem. I used Keepass for my little Test. First, I created a new password database and protected it with a password. Step 1: Create a new encrypted password database Then I deleted the sample entries and created a new one with a certain password (password: "Hidden information 3214" ... whoops!). The result is, that the password is not shown in the Window. Step 2: Create an entry with a password Next, I copied the password over selecting the entry item in Keepass and pressing Ctrl+C and started a hex editor, HxD, to read out the process memory of Keepass (you could also read all processes memory). Step 3: Reading process memory of KeePass The last step was to search for a part of the password string (here: "Hidden in"). The resu...