BK834

Breaking VeraCrypt: Obtaining and Extracting On-The-Fly Encryption Keys VeraCrypt Unencrypted Data in RAM Certainly better than no disk encryption at all. But VeraCrypt will still have the problem of needing it's keys sitting in RAM (although you can enable memory encryption and take a significant performance hit). If your concern is having your laptop stolen while it contains a hibernation memory dump, then FDE can certainly be a benefit. The better solution is to disable swap and hibernation and...

Breaking VeraCrypt: Obtaining and Extracting On-The-Fly Encryption Keys VeraCrypt Unencrypted Data in RAM Certainly better than no disk encryption at all. But VeraCrypt will still have the problem of needing it's keys sitting in RAM. You can enable memory encryption and take a significant performance hit. If your concern is having your laptop stolen while it contains a hibernation memory dump, then FDE can certainly be a benefit. The better solution is to disable swap and hibernation and don't have...

any machine that is compromised enough for it to be possible has already had everything stolen This is a bad security philosophy. Defense in Depth is a better security posture to adopt. There are many, many possible attack scenarios where the attacker can obtain the database file and a memory dump from a crash, hibernation or swap... without a full system compromise. As I wrote previously regarding February's security flaw, there are different levels of access, and you should not always assume "game...

Breaking VeraCrypt: Obtaining and Extracting On-The-Fly Encryption Keys VeraCrypt Unencrypted Data in RAM Certainly better than no disk encryption at all. But VeraCrypt will still have the problem of needing it's keys sitting in RAM. You can enable memory encryption and take a significant performance hit. If your concern is having your laptop stolen while it contains a hibernation memory dump, then FDE can certainly be a benefit. The better solution is to disable swap and hibernation and don't have...

Breaking VeraCrypt: Obtaining and Extracting On-The-Fly Encryption Keys VeraCrypt Unencrypted Data in RAM Certainly better than no disk encryption at all. But VeraCrypt will still have the problem of needing it's keys sitting in RAM. You can enable memory encryption and take a significant performance hit. If your concern is having your laptop stolen while it contains a hibernation memory dump, then FDE can certainly be a benefit. The better solution is to disable hibernation and don't have your user...

Criticality depends on your risk profile. A person in the US might not have the threats that say, a journalist in Russia would have. LE threat vectors are still a significant concern. People all around the world trust Keepass to secure passwords to things they don't want the state to know. When a suspect is raided, it happens when the computer is unlocked and disk encryption is meaningless. With default settings, it is general practice to keep the keepass database locked when not actively using it....

Criticality depends on your risk profile. A person in the US might not have the threats that say, a journalist in Russia would have. LE threat vectors are still a significant concern. People all around the world trust Keepass to secure passwords to things they don't want the state to know. When a suspect is raided, it happens when the computer is unlocked and disk encryption is meaningless. With default settings, it is general practice to keep the keepass database locked when not actively using it....

Prompt added in 2.53.1 https://keepass.info/news/n230109_2.53.html