Forums Community Axcrpyt and Windows hibernation security vulnerability

This topic contains 2 replies, has 1 voice, and was last updated by  Marvin 2 months, 1 week ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #38166 Reply

    Dale

    When a user hibernates Windows, all memory contents are copied to the hard drive.  If encryption software such as Axcrypt is running when they do this, any passwords or keys in memory will also be written to the hard drive, allowing a hacker with physical access to the computer to retrieve those keys from the hard drive and decrypt all the user’s files encrypted with them.

    Does Axcrypt take any steps to resolve this security issue (eg. zeroing out memory allocated to the application on closing)?

     

     

     

     

    #38189 Reply

    Dale

    Admins please have an Axcrypt technician/developer respond to this question.  It is a major potential security issue and users need to know.

    #38698 Reply

    Marvin

    Dale,

    AxCrypt destroys the encryption keys once it gets locked out. Whenever you restart your/ sign out of AxCrypt or lock your desktop environment or put your computer to sleep/hibernate or your screensaver starts then AxCrypt clears your encryption keys. But, in case if you have decrypted a file for viewing or any update and forget to re-encrypt it before performing actions like hibernation, it may get exposed. It is better that you take care of decrypted files and encrypt them safely back.

Viewing 3 posts - 1 through 3 (of 3 total)
Reply To: Axcrpyt and Windows hibernation security vulnerability
Your information: