Talking to some security folks, apparently we should be locking (i.e. we shouldn't drop the feature). So we just need to do it more precisely.
Also, even with locking, we can hit disk if we hibernate. So we should be clearing the password memory as soon as we're done with it too. (I assume we already don't hold on to those strings...)
Talking to some security folks, apparently we should be locking (i.e. we shouldn't drop the feature). So we just need to do it more precisely.
Also, even with locking, we can hit disk if we hibernate. So we should be clearing the password memory as soon as we're done with it too. (I assume we already don't hold on to those strings...)