undefined | Better HN

0 pointsdrdec4y ago0 comments

Not all of your passwords will be in memory. I don't know how you read a password from "webpages".

Session tokens do not exist for websites you are not currently accessing. The password file will contain all the saved passwords, whether you are logged in or not.

0 comments

2 comments · 2 top-level

staticassertion4y ago

> Not all of your passwords will be in memory.

They almost certainly will be, but the key will be if they aren't.

> I don't know how you read a password from "webpages".

Like a billion ways. Inject JS, log keys, install malicious extension, blah blah blah

> Session tokens do not exist for websites you are not currently accessing.

I'm just enumerating the billion ways that encryption is made pointless.

> he password file will contain all the saved passwords, whether you are logged in or not.

And the attacker can just access it lol

Maybe in a world where full disk encryption wasn't ubiquitous you could talk about an offline attack, and you could tell me you share your computer with someone who's not tech savvy but is an asshole. But it's all gonna be pretty niche.

xboxnolifes4y ago

> I don't know how you read a password from "webpages"

When you enter your password to login.

j / k navigate · click thread line to collapse