Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If you can look up the base address via AnC, is considering it to be a protected key material really correct?


I think that's why the threat model matters. I consider my SSH keys secure as long as they don't leave the local machine in plaintext form. However if the scenario changes to become "the adversary has arbitrary read access to your RAM" then that's obviously not going to work anymore.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: