On Fri, Jan 23, 2015 at 10:50 AM, Peter Stuge <peter@xxxxxxxx> wrote: > John Olsson M wrote: >> it looks like OpenSSH does not cache and copy the authentication password > .. >> So I am wondering if there is any reason for doing like this? > > Data hygiene is one. Also, in my opinion as more of an admin than a developer, any bug in a routine that stores psswords temporary in plain text is *begging* to have a bug or get an unexpected modification that publishes the passwords somewhere else. Basically, never handle or store dangerous information that you don't *have* to store. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
