PuTTY wish pageant-hibernate
Home
|
FAQ
|
Feedback
|
Licence
|
Updates
|
Mirrors
|
Keys
|
Links
|
Team
Download:
Stable
·
Snapshot
|
Docs
|
Changes
|
Wishlist
summary: Discard sensitive material in Pageant on hibernation
class: wish: This is a request for an enhancement.
difficulty: fun: Just needs tuits, and not many of them.
priority: low: We aren't sure whether to fix this or not.
It's been suggested that Pageant (and anything else storing private
key material long-term) should forget (wipe) all its unencrypted keys
when a system hibernates, to avoid them being stored to disk; it
should at least reload the keys and ask for passphrases again after a
hibernation.
Apparently the windows messages BT_APMQUERYSUSPEND and PBT_APMSUSPEND
would be useful here.
Low priority because:
-
If you have physical access to the machine, then you've compromised
its security anyway; you can just install a trojan pageant which will
happily snarf the passphrases from keys for you, or perpetrate any one
of a number of other attacks.
-
Pageant doesn't currently attempt to prevent key material being
written to disk. (We don't for instance use VirtualLock(); see
virtuallock.)
If you want to comment on this web site, see the
Feedback page.
(last revision of this bug record was at 2017-04-28 16:52:45 +0100)