Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.5.7 update' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.5.7 update
Authored by: mike666 on Jun 11, '09 04:58:29AM
As far as I can determine, in 10.5.7, neither the OS, the Finder, Safari, Mail, Remote Desktop, Directory Utility, Terminal, nor Keychain Access store any passwords in RAM in a way that shows up as plain text in the sleepimage file. I did extensive testing and a sudo grep -a password /var/vm/sleepimage (the strings command won't run on a 4GB file) yielded nothing, even after changing my user password, logging out, logging in, restarting and updating the sleepimage file after every secure access in each app. (Note that if you want to try all this yourself, once you're done you'll need to exit your Terminal session, start a new one, and then edit out the entries in your .bash_history file which contain your password.)

The only time I was able to see a password show up in the sleepimage file was after running VMWare and logging into my Vista vm. That virtual machine's password showed up twice in plain text, so if you use VMWare, that may be a cause for concern although it didn't show up alongside any other strings which would identify it as a password so without knowing what it was already I doubt if anyone but an experienced hacker could fish it out. I didn't test every single app I have installed so it's possible there may be others that aren't safe to use but in general, it appears that Apple's software is not an issue. Ideally, of course, an option to encrypt the sleepimage file along with the swapfiles would be a great addition.

BTW, my Late '08 MBP (w/7200rpm HD) updates the sleepimage file in just a few seconds when I close the lid so the time and battery issues described above shouldn't be much of an issue to users of the newer models - it's pretty seamless.

[ Reply to This | # ]

SmartSleep prefPane
Authored by: gmachen on Aug 15, '09 09:26:04AM
The best of all possible worlds:
http://www.jinx.de/SmartSleep.html

[ Reply to This | # ]