Quick Unlock timeout does not count time in stand-by

[t-animal]

Let's say I have the timeout for QuickUnlock set to 1 hour. Then I unlock the database, lock it again and suspend my PC. After 12 hours or so I wake it up and unlock the database again and the quick unlock mechanism is available.

The expected behaviour would be that, as more than 1 hour has passed since I locked the database, quick unlock is disabled.

Even better would be an option to remove the password from memory on suspend and hibernate, if at all possible, to make cold boot attacks harder.

I am running KeePassQuickUnlock 2.4 on linux.

[bdurrer]

The behaviour is the same on windows. I think that it happens when the dialog is presented while the timeout did not run out yet, but then the dialog stays forever. This is a serious security bug, it allows to read the memory long after the database should be locked.