Also theres a bunch of articles online about how keychain isn’t that secure. Sad.
Haha we’re thinking about switching to a file because keychain is annoying nostr:npub1fgz3pungsr2quse0fpjuk4c5m8fuyqx2d6a3ddqc4ek92h6hf9ns0mjeck
Discussion
even if a keychain was somehow secure and restricted access to that program only, you are only a memory dump away from getting the key
and since it’s same user that can be done with no privileges
it should be viewed as a way to delegate encryption at rest of secrets to the OS, nothing else
but you really should just do FDE
also bitlocker can kindly eat shit because it is set up with TPM dependance by default
so if you even dare to boot a linux ISO with secure boot on, that will cause a change to the EFI keys list to add your distribution key and change the PCRs, therefore invalidating the TPM key and make bitlocker ask you for the recovery key stored on your MS account you were never told about
