Then again, the PDF mysteriously doesn't indicate which words are hyperlinked and so maybe I just didn't wave my cursor over enough words to find those references
Also, because the outer blogpost didn't mention it (although it is in the actual PDF) the auditor is https://molotnikov.de/cv and it says they work for AWS as a Senior Security Architect. I didn't see anything especially C++ focused, but I guess any independent audit is better than none
Even if you don't encrypt your Linux' filesystem partitions, you definately should encrypt the swap / the partition the swapfile is on. A new encryption key for the swap can be created at every boot, removing the need of an encryption password. This behaviour does make hibernation impossible, so swap encryption isn't the default on Linux distros that have opt-in encryption.
Unfortunately, it isn't enabled by default but needs kernel parameters.
I understand firmware vendors are to blame, and in many machines the system will freeze when you attempt to actually use this feature. This is unfortunate.
> The memory deallocation could be improved to not to contain secrets after the database is locked though. See https://github.com/keepassxreboot/keepassxc/issues/7335 for progress on this issue
Then again, the PDF mysteriously doesn't indicate which words are hyperlinked and so maybe I just didn't wave my cursor over enough words to find those references
Also, because the outer blogpost didn't mention it (although it is in the actual PDF) the auditor is https://molotnikov.de/cv and it says they work for AWS as a Senior Security Architect. I didn't see anything especially C++ focused, but I guess any independent audit is better than none