kenniskrag | 2 years ago
A "password manager" provides a defined API and shields the password away from everything. It can also ask the user if process x can access the key y.
iforgotpassword|2 years ago
kenniskrag|2 years ago
* Do you trust the hardware?
* Do you trust the OS?
* Do you trust the user?
* Do you trust the software?
On a rootkit, you don't trust the OS anymore. So a safe location inside the OS space isn't an option anymore. But often you are not a root user (e.g. Android, Windows in a corporate environment).
If you have OS backups there is a risk it is readable by others (e.g. cloud, different IT department). There is also a risk a user uploads the config somewhere.
If you want to rotate keys, you would have to search all keys, compared to a centralized location.
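The points raised in this thread (a defined API that shields the secret, a prompt asking whether process x may use key y, and rotation in one central place) can be sketched as a small in-memory broker. This is an added example, not part of any comment above; `SecretBroker`, `ask_user`, `demo` and the process and key names are hypothetical, and it assumes the caller's process identity has already been established by an OS that is trusted.

```python
import hashlib
import hmac
import secrets


class SecretBroker:
    """Keeps keys in one place; callers get operations on a key, never the key."""

    def __init__(self, ask_user):
        self._keys = {}            # key id -> current secret bytes
        self._grants = set()       # (process, key id) pairs already approved
        self._ask_user = ask_user  # callback standing in for the user prompt
        self.audit = []            # (process, key id, outcome)

    def create(self, key_id):
        self._keys[key_id] = secrets.token_bytes(32)

    def rotate(self, key_id):
        # Rotation happens here only; grants survive and no config file is touched.
        if key_id not in self._keys:
            raise KeyError(key_id)
        self._keys[key_id] = secrets.token_bytes(32)

    def sign(self, process, key_id, message):
        # Assumption: `process` is an identity the OS vouches for, not caller-supplied.
        if key_id not in self._keys:
            raise KeyError(key_id)
        if (process, key_id) not in self._grants:
            if not self._ask_user(process, key_id):
                self.audit.append((process, key_id, "denied"))
                raise PermissionError(f"{process} may not use {key_id}")
            self._grants.add((process, key_id))
        self.audit.append((process, key_id, "allowed"))
        return hmac.new(self._keys[key_id], message, hashlib.sha256).digest()


def demo():
    # Constructed policy: the "user" approves exactly one process/key pair.
    approved = {("backup-agent", "db-hmac")}
    broker = SecretBroker(lambda proc, key: (proc, key) in approved)
    broker.create("db-hmac")
    before = broker.sign("backup-agent", "db-hmac", b"payload")
    try:
        broker.sign("browser-plugin", "db-hmac", b"payload")
        denied = False
    except PermissionError:
        denied = True
    broker.rotate("db-hmac")
    after = broker.sign("backup-agent", "db-hmac", b"payload")
    return denied, before != after, broker.audit
```

The broker only helps while the layers beneath it are trusted: with a compromised OS, the process identity passed to `sign` and the broker's own memory are both exposed.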