Do Memory Dumps contain passwords?

The Windows directory can sometimes contain a Memory.dmp file which can contain useful information if the system crashes. I've been asked by software vendors to send them the memory dump after their software causes a crash. I've read somewhere that when you unlock 1password, the whole database is decrypted in memory and even if you lock it, it may stay decrypted in memory. So could the memory dump contain all your decrypted passwords? I'm questioning whether it's safe to send this file to a vendor or not. Thanks


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Lars
    Lars
    1Password Alumni

    @kurtd - these memory dump files certainly do exist, and sometimes they can contain sensitive information from various processes on your PC. As of 1Password 7.4.750 for Windows, which was released March 6, we re-wrote much of the relevant language in Rust, which significantly increases our ability to limit what is in memory and for how long. You can read more about the issue here.

    In addition, 1Password for Windows is already coded to opt-out of Windows Error Reporting, which means our own crashed are never dumped nor sent to anyone. You can also configure Windows yourself to not generate dumps in the event of system failures, if you like*. If you've installed software on your PC that includes complete memory dumps in any form of telemetry package without the very clear and explicit permissions from you, that is a compromised system right away. And if a third party is doing this, that's malware you need to remove from your system. No legitimate software should do this without very clearly explaining to you up front that they wish to do it, and getting your opt-in.

    If a vendor is requesting you to send them a memory dump, you can choose to review it yourself or create a more-narrow dump for their purposes. I would not recommend sending an entire memory dump to a developer; it may contain information beyond 1Password that should remain private.


    • You can find it the settings by opening Windows File Explorer, right-clicking on Computer on Windows 7 or This PC on Windows 10, to select Properties. Now, click on Advanced system settings on left sidebar and then go to Advanced tab to click Settings under Startup and Recovery. You can then adjust the settings for System failure, turn off the debugging information or use the more narrow dumps.
This discussion has been closed.