[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

No Subject



 Developers using the current version of PGPtools
should becareful to add keyspace FIFO and passphrase
"burns" to their applications to insure that
security critical information is NOT left carelessly
in memory... while PGP 2.3A is VERY scrupulous,
PGPTools package does NOT have sufficient internal checks and "burns"
at present...this is left to the developer at pressent...
I also noted a fifo_unlink routine where a burn should
be performed prior to the unlink from the FIFO queue...


       Anon