Mon, 28 Jun 1999 16:19:20 +0100 (WET DST)
> Michael Roth wrote:
> > When you think about it, you will note that everyone who is able to get
> > access with privileges to read out the paging area of the disk is also
> > able to manipulate the system in all possible ways, including
> > substituting the gpg binary with a manipulated one.
> Isn't the problem that things written to the paging area can be read out
> after the event? If I was raided by the secret police, there might be
> something in my paging file that they could use. On the other hand, if
> they gave me the machine back I would be unlikely to use it without
> checking very carefully that the gpg binary (and kernel, etc.) had not
> been interfered with.
> What would be quite nice is a way of telling the kernel that a
> particular page must be encrypted before being written to swap. If the
> machine is powered off, the session key is lost and so the page is
> unrecoverable. This would be better than locking a page in physical
> memory because there would be no need to restrict its use. The CPU time
> taken to encrypt and decrypt would be charged to the process concerned
> so it would not introduce any scheduling "unfairness".
What if all pages which are 'freed' are zero-filled? I.e. when the memory
is no longer needed and/or the program quits.
If this is done, the only time the machine is at risk is the time the
software runs, after which the memory is clear of the text and the
swap is cleared.
BTW, is there some kind of vi with encryption, meaning the plain text is
never written to the HD?
Just my 2 cents.
Thomas Zander email@example.com
History repeats itself, it has to, nobody ever listens
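The two ideas in this thread, keeping sensitive pages out of the paging area and wiping memory the moment it is no longer needed, have a userland analogue that a program can apply itself without any kernel change: pin the secret's pages with mlock() so they are never written to swap, and overwrite them before release. This is how gpg's own secure-memory pool avoids swap. The following is an added example, not code from this thread or from GnuPG; it assumes a POSIX system with mlock()/munlock() and posix_memalign(), and the passphrase string is constructed sample input.

```c
/* Added example, not from the thread: a locked, self-wiping secret buffer.
 * Assumes POSIX mlock()/munlock() and posix_memalign(). */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Zero the buffer through a volatile pointer so the compiler cannot discard
 * the stores as dead writes to memory that is about to be freed. */
void wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Count non-zero bytes; 0 means nothing of the secret is left in the buffer. */
size_t residue(const unsigned char *buf, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        count += (buf[i] != 0);
    return count;
}

/* Allocate n bytes, page-aligned, and pin them in RAM so the kernel never
 * writes them to the paging area.  Fails closed: if mlock() is refused
 * (RLIMIT_MEMLOCK too small, no CAP_IPC_LOCK) the caller gets NULL rather
 * than a silently swappable buffer. */
void *secure_alloc(size_t n)
{
    long page = sysconf(_SC_PAGESIZE);
    void *p = NULL;
    if (page <= 0)
        return NULL;
    if (posix_memalign(&p, (size_t)page, n) != 0)
        return NULL;
    if (mlock(p, n) != 0) {
        free(p);
        return NULL;
    }
    return p;
}

/* Release in the safe order: wipe first, then unpin, then free.  Unpinning
 * before wiping would open a window in which the still-intact pages could
 * be swapped out. */
void secure_free(void *p, size_t n)
{
    if (p == NULL)
        return;
    wipe(p, n);
    munlock(p, n);
    free(p);
}

/* Demonstration: copy a constructed secret into locked memory, "use" it,
 * then wipe it in place and measure what is left.  Returns the residue after
 * wiping (expected 0), or -1 if the system refused to lock the pages. */
int demo(void)
{
    const char *secret = "constructed-passphrase";   /* sample input, not real */
    size_t n = strlen(secret) + 1;
    unsigned char *buf = secure_alloc(n);
    if (buf == NULL)
        return -1;
    memcpy(buf, secret, n);
    size_t before = residue(buf, n);   /* the secret is present in RAM */
    wipe(buf, n);
    size_t after = residue(buf, n);    /* nothing left once wiped */
    secure_free(buf, n);
    return (before > 0 && after == 0) ? (int)after : -2;
}

int main(void)
{
    int r = demo();
    if (r == -1)
        puts("mlock refused: raise RLIMIT_MEMLOCK or grant CAP_IPC_LOCK");
    else
        printf("residue after wipe: %d\n", r);
    return r == 0 ? 0 : 1;
}
```

Two caveats a practitioner would want: mlock() keeps pages out of swap, but it does not keep them out of a suspend-to-disk image or a core dump, and a child created by fork() inherits a copy that is not locked; and the wipe only covers memory the program controls, so temporaries that libc or the compiler spill elsewhere (or that an editor writes to a swap file of its own, as asked about above) are not addressed by it.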