Hi Eric, thanks *a lot* for your valuable feedback! I really appreciate it. See comments inline:

On Monday, 15 October 2018 12:09:32 UTC+2, EricR wrote:
>
> Since you're looking for opinions on the security concept, two questions
> spring immediately to my mind:
>
> 1. Does the daemon keep the sensitive data in locked memory that cannot be
> paged out? If so, how cross-platform is this?
>

No, it doesn't. As of now I consider the root user a good guy ;-) He's the only one who could access the pagefiles anyway. So is this really an issue? If yes, I could use this cross-platform solution to pin the key: https://github.com/awnumar/memguard

>
> 2. How does the client communicate securely with the daemon? Which
> encryption protocol/handshake is used for this? (If it just uses a socket,
> what would prevent another process from reading out the master password?)
>

It's in fact a Unix domain socket file which is only accessible to the owner of the key. (Thanks for bringing this up, I forgot to flag the file correctly - it's now fixed.) Relying on the file permissions in Unix shouldn't be a problem, right?

cheers & again - many thanks,
Matthias
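
An added example, not part of the original message or of the project's code: one way in Go to create a Unix domain socket that only its owner can reach, by placing it in a 0700 directory and setting the umask before `net.Listen` so the file is never created with wider permissions. The names `listenPrivate`, `permOf` and `agent.sock` are hypothetical, and `syscall.Umask` limits the sketch to Unix-like systems.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"path/filepath"
	"syscall"
)

// listenPrivate (hypothetical helper) listens on dir/name with the directory
// at 0700 and the socket at 0600. The directory is the portable barrier:
// unix(7) notes that some BSD-derived systems ignore socket file permissions.
func listenPrivate(dir, name string) (net.Listener, error) {
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return nil, err
	}
	// MkdirAll leaves an existing directory's mode alone, so enforce it.
	if err := os.Chmod(dir, 0o700); err != nil {
		return nil, err
	}
	path := filepath.Join(dir, name)
	if err := os.Remove(path); err != nil && !os.IsNotExist(err) { // stale socket
		return nil, err
	}
	// A chmod after Listen leaves a window with default permissions.
	// The umask is process-wide, so do this before starting other goroutines.
	old := syscall.Umask(0o177)
	defer syscall.Umask(old)
	return net.Listen("unix", path)
}

// permOf returns the permission bits of path without following symlinks.
func permOf(path string) (os.FileMode, error) {
	fi, err := os.Lstat(path)
	if err != nil {
		return 0, err
	}
	return fi.Mode().Perm(), nil
}

func main() {
	dir := filepath.Join(os.TempDir(), fmt.Sprintf("agent-demo-%d", os.Getpid()))
	defer os.RemoveAll(dir)
	ln, err := listenPrivate(dir, "agent.sock")
	if err != nil {
		fmt.Fprintln(os.Stderr, "listen:", err)
		return
	}
	defer ln.Close()
	mode, _ := permOf(filepath.Join(dir, "agent.sock"))
	fmt.Printf("socket mode: %04o\n", mode)
}
```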