OT: Are password programs secure?

[Boatman]

I asked this recently in alt.privacy.spyware, but never really got any
relavent answers:

If I use a password program such as Oubliette, KeePass, etc., are any
passwords even temporarily stored on the computer (temp file, clipboard,
cache, memory or such) where they can be picked off by some kind of malware
(and "sent home")?

Boatman

 

[Susan Bugher]

I asked this recently in alt.privacy.spyware, but never really got any
relavent answers:

If I use a password program such as Oubliette, KeePass, etc., are any
passwords even temporarily stored on the computer (temp file, clipboard,
cache, memory or such) where they can be picked off by some kind of malware
(and "sent home")?

Searching the ACF archives should turn up at least one fairly long
discussion about that. Here's one related tidbit I saved:

-------

Subject: ANN: Oubliette (password manager) updated
Date: Sat, 11 Jan 2003 20:21:30 +0100
From: marek jedlinski <[email protected]>
Organization: www.tranglos.com
Newsgroups: alt.comp.freeware

I've released today version 1.5.5 of Oubliette. Several small but useful
improvements are introduced in this version, especially for those who
use clipboard extender applications, such as ClipMate. I have added a
number of techniques to prevent such programs from capturing information
copied to clipboard from Oubliette.

If you're using a version earlier than 1.5, it's a good idea to upgrade.