[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Linux security issues



On Thu, 26 Oct 1995, Bill Frantz wrote:

> However, the pass phrase is not the only dangerous information. 
> Intermediate forms used for decrypting the RSA private keys, and the
> decrypted RSA private keys also have to be protected.  The logic of PGP
> requires that it keep at least one of these around for a long time, so it
> will probably be written to swap space.

Couldn't you use mmap() to map a disk file into your address space, keep 
all your secret data in that part of the address space, and then 
carefully wipe that file before exiting ?

I guess you'd then have the problem that people could just read that file
(if they had the priviledges to do so) to find all the secret data rather
than having to trawl through the swap file though.. and you'd still have
to worry about disk buffering. So it probably wouldn't be a big
improvement. 

	Mark