A compacted archive could be used as an attack vector.

• Zip Bombs
• Code execution through a vulnerability in the extracting algorithm

Both of them are valid for any OS.

The cheap models can not be flashed with openwrt since they use some proprietary drivers or something.

The complete Opal series is not supporte iirc.

You want the mail-crypt-plugin in dovecot.

And how often. have you said stuff that you have not received advertising for? You will notice it when you get a positive match but not on a negative.

Data collecting companies can predict/rate your behavior for more then 20 years based. Since then. it has been perfected. They know that you are interested in those topics without having the need to waste resources on recording and analyzing every single audio stream.

Extracting the key from a TPM is actually trivial but immense time consuming.

Basically this with probably more modern chips and therefore even smaller cells. https://youtu.be/lhbSD1Jba0Q

Also sniffing is a thing since the communication between CPU und TPM is not encrypted.

TPM is not only used by the system encryption. But no i do not use it for it. Not because of privacy, cause of security reasons.

Yes you have. Please explain to me the additional context. I seem to not grasp it.

What else are they doing then asking? Doing some marketing around it? If you get pressured by that you should not lead a company.

If you don’t want a permissive license don’t license your software that way, your motivation clearly doesn’t align with these licenses anyway.

Why does asking for money not align with the licenses?

Any software potentially has security issues. The matter is how they deal with it.

You still need to store those secrets. You would probably refer to a keychain but in the end it is still a password/secret manager.

And the current implementation is not really better, services like paypal still do not allow you to use a passkey on the desktop.

That is why you use an open source manager. KeePassXC for example is not owned by a for-profit company.

Losing the container due to corruption disk failure etc can be easily managed with backups.

Losing the password. Yes this is a real valid scenario. I personally have no problem with that i manage fine for years without having to write it out on paper to backup it. A solution would be to actually write that password out somewhere and hide it/ put it into a safe. An attack then needs to attack both, depending if you use disk encryption it is easy to get access to the password safe or not. There are other things to consider, like you could try to hide it in a very long string of characters like 20 pages of random characters, even if you forget it you will be able to find it cause it is very likely that you remember a few characters.

I know a lot of services that log you out regularly. Or need a password when you change settings or whatever.

Well yea people with the “I don’t care. I just press the button and it always works” model do exist.

WTF no. Password managers are reasonable secure. That is no i don’t care behavior.

And when you are worried about password managers you should not use cookies. Stealing a cookie is much more simple than stealing and encrypting your password safe.

Differences in the thread model. And of course convince. How to you backup your paper regulary? How do you transfer it? What if you need to access a pasdword when you are not home?

Most ppl will just reuse or use very weak passwords when they have to write every password they have to enter.

Best we have and probably will ever have on the current web. Not sure what the problem is with password managers?

That was a rhetorical question towards the commenter since the discussion point was not understood.

The thing is, that you only have to share public keys and never private ones. So you can only phish public keys…

How would you sync or transfer a passkey across devices without transferring the private key?

Why do you think SSH-Keys are safe against phishing? I mean it is unlikely, that someone will just send the key per mail or upload it somewhere since most ppl using SSH-Keys are more knowledgeable.

When you now get an easy one click solution to transfer Passkeys from one Cloud provider to another it will get easier to trick a user to do that. Scenario: You get a mail from Microsoft that there is a thread and that you need to transfer your keys to their cloud.

With the ability to transfer passkeys, the attack vector phishing does not sound that far fetched. Tho i have not looked into the transfer process.

We will see i guess.

You generate a second one on the other device.

Not everyone throws their E-Mail at every Text field they see.