This is why ssh-agent is awesome: they don't hold the passwords in memory (only ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		niggler on March 18, 2013 \| parent \| context \| favorite \| on: Are passwords stored in memory safe? This is why ssh-agent is awesome: they don't hold the passwords in memory (only the keys) so you minimize the number of times you type password and the number of places it is stored.

ygra on March 18, 2013 [–]

But the key is what you authenticate with after all, so why go after the password when reading memory when you can go after the key directly?

niggler on March 18, 2013 | [–]

the keys expire, so even if you have it it won't be useful later.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact