I've been thinking about password managers a lot lately. More specifically, about what malware could do (and not do) on a compromised machine using a password manager (e.g., 1Password).

I'm no operating systems expert and would love to know how far a program with or without root access could go in reading the password manager's data. This might differ on different host OS (Linux vs macOS vs Windows).

Let us assume a standard master-key plus master-password setup. We also assume a hosted data service by the provider (i.e., they store everything in encrypted form, except master-key and master-password).

Obviously malware could access the clipboard and thus get each password copied to the clipboard. But how far does it go? Can we access passwords in memory when the vault is unlocked? etc.

Can malware access the master-key?
Can malware access the master-password? How? Only via keyloggers?
Can malware access all passwords when vault is unlocked?
Can malware access anything in RAM?
What could malware do when sniffing network connections?

Thanks for indulging me! Would be great to get some understanding from experts in OS or password managers.