> AFAIK the only thing it protects you from is generic malware that scans process memory for passwords.
Apparently it doesn't even do that: https://www.securityevaluators.com/casestudies/password-mana... (section Keepass)
Possibly because KeePass uses the wrong flag? https://docs.microsoft.com/en-us/dotnet/api/system.security.... seems to say that the memory segment can be decrypted by either:
* all processes running on the box
* all processes owned by the same user
* only this process
Alternatively, might be because C# and the memory protection primitives don't prevent the GC from copying its data out of the protected area? IDK
edit: ah, or they might be using ProtectedData rather than ProtectedMemory, that only has the "same machine" and "same user" levels of protection: https://docs.microsoft.com/en-us/dotnet/api/system.security....
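
The scope levels and the GC concern raised above, as an added example that is not part of the original comment and not KeePass code. It assumes .NET Framework on Windows with a reference to System.Security.dll; the class name and sample secret are constructed for illustration.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;

static class ScopeDemo
{
    static void Main()
    {
        const string sample = "constructed-sample-secret"; // constructed value
        int len = Encoding.UTF8.GetByteCount(sample);

        // ProtectedMemory only accepts buffers whose length is a multiple of 16.
        byte[] buf = new byte[(len + 15) / 16 * 16];

        // Pin before the secret is written so a compacting GC cannot move the
        // array and leave a stale plaintext copy at the old address.
        GCHandle pin = GCHandle.Alloc(buf, GCHandleType.Pinned);
        try
        {
            Encoding.UTF8.GetBytes(sample, 0, sample.Length, buf, 0);

            // In-place encryption. SameProcess is the narrowest of the three
            // MemoryProtectionScope values (CrossProcess, SameLogon, SameProcess).
            ProtectedMemory.Protect(buf, MemoryProtectionScope.SameProcess);
            Console.WriteLine("protected:   " + BitConverter.ToString(buf, 0, 8));

            ProtectedMemory.Unprotect(buf, MemoryProtectionScope.SameProcess);
            Console.WriteLine("unprotected: " + Encoding.UTF8.GetString(buf, 0, len));
        }
        finally
        {
            Array.Clear(buf, 0, buf.Length); // wipe before unpinning
            pin.Free();
        }

        // ProtectedData returns a new blob instead of encrypting in place, and
        // DataProtectionScope only offers CurrentUser and LocalMachine: there is
        // no per-process level.
        byte[] input = Encoding.UTF8.GetBytes(sample);
        byte[] blob = ProtectedData.Protect(input, null, DataProtectionScope.CurrentUser);
        byte[] back = ProtectedData.Unprotect(blob, null, DataProtectionScope.CurrentUser);
        Console.WriteLine("round trip ok: " + (Encoding.UTF8.GetString(back) == sample));
        Array.Clear(input, 0, input.Length);
        Array.Clear(back, 0, back.Length);
    }
}
```

The string literal itself remains in managed memory as plaintext, so this only shows the scope and pinning mechanics, not a complete secret-handling design.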