secure memory for decryption buffer
Werner Koch
wk at gnupg.org
Mon Mar 19 08:38:52 CET 2012
On Sun, 18 Mar 2012 17:44, martin at gnutiken.se said:
> I'm very interested in knowing more about why keeping things in ram as a
> protection are a questionable defence these days. Could you please
> elaborate on this?
The reason you use mlock is to make sure that sensitive data does not
end up in the swap space. This is a valid concern and I implemented
this whole secure memory stuff 15 years ago as a defense against this
threat. However there is a much easier defense: Encrypt the swap space
using a random key. There is no need for any kind of key management;
the system just creates a one time key and holds this in non-pageable
kernel memory. Swapping is mostly I/O bound thus there are enough free
cycles to encrypt/decrypt the pages.
Another problem is that mlock does not help against hibernation -
eventually the content of the RAM will end up on the disk.
Yet another one is that I don't buy the arguments that it is possible to
protect a standard box against an attacker with physical access. There
is a wide range of possible attacks, the simplest one being a key logger
device.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-devel
mailing list