Pinentry: secure memory
Neal H. Walfield
neal at walfield.org
Sun Jul 26 19:40:33 CEST 2015
Hi,
At Mon, 20 Jul 2015 13:11:50 +0200,
Werner Koch wrote:
>
> On Mon, 6 Jul 2015 21:48, dkg at fifthhorseman.net said:
>
> > Is swap the only reason to use the secure memory? Defending against
>
> Yes, for Pinentry because there is only a single confidential data object
> to protect and we know the places where we may want to wipe it. For
> GnuPG this is more complicated because the secure memory area is also
> used to automatically wipe malloc-ed memory before a free.
>
> > So I'm not convinced the tradeoff for secure memory is worthwhile. If
> > you're relying on graphical toolkits, you end up relying on the toolkits
> > to do the right thing anyway.
>
> Looks to me that we have a rough consensus to do away with secure memory
> in Pinentry.

I've implemented and pushed this for the gtk2 widget. See commit
f9db937.

:) Neal