Good point. I only remember 2 passwords: Password manager and computer. Normally a conservative analysis would assume password leaked in hashed form and cracked offline. But on my Mac, if I understand correctly, the risk of leakage should be zero-ish, no?
Jamie McCarthy (@[email protected])
@[email protected] I can’t really answer this without knowing the plausible attack vectors. My answer for a password someone can try to brute force offline, with as much compute as they could throw at it, is very different from a password I can assume the attacker only has rate-limited web attempts at, or one where attempts go through my phone’s secure enclave.
-
Yumechi | ゆめち | :ferris: :haskell: Wheel Inventor replied to Tim Bray
@[email protected] Excluding keyloggers, assuming the key is not tied to an enclave (at least true for all cross-platform password managers I know of), the only possible vector is some kind of local information leak (a hostile app, memory vulns, a leaked backup, etc.). If you trust that nothing bad will ever get to your computer, yes, it is safe; otherwise it is not: the password will be the last defense.
(Creds: former cyber security analyst)
-
Tim Bray replied to Yumechi | ゆめち | :ferris: :haskell: Wheel Inventor
@yume I thought the Mac's security claims were stronger than that, with the Secure Enclave and so on?
-
Tim Bray replied to Yumechi | ゆめち | :ferris: :haskell: Wheel Inventor
@yume Right, but on the Mac the Secure Enclave is a basic part of the security posture, no?