[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Secure Memory Deletion



Seems to me that the chip itself hardly a worry. memset() does the trick for the memory locations you are aware of. Any electrical or molecular level residues would be terribly difficult to sort out. 

The OS provides ample opportunities for unknowns though. ie, Is there some structure in memory that has the data from the user interface object used to collect the passphrase? Is there a keyboard buffer storing the last several (dozen? hundred?) keystrokes? Can 100% security be achieved at all with our current OS's?



>Mark Rosen ([email protected]) said something about Secure Memory Deletion on or about 12/1/96 4:49 PM

>	Does anyone know any papers on secure deletion of things from
>memory? That
>is one thing that most people are oblivious to, though, if a program leaves
>your unencrypted passkey laying in memory or a buffer of your plaintext,
>then all the encryption in the world won't help. Should I overwrite the 32
>times specified for hard drives, or are RAM chips easier to clear? Thanks.
>
>End of message

--j
-----------------------------------
| John Fricker ([email protected])
| -random notes-
| My PGP public key is available by sending me mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------