Insecure memory

Matthias Urlichs
Fri Mar 16 02:34:01 2001


Bjoern Fischer:

> Personally I would not recommend a suid root gpg executable, even
> after looking into the privileged code w/o finding any flaw. If you
> cannot trust your computer or it's hard disk, you already have lost.
However, part of the point of ensuring that the passphrase / secret key doesn't end up on swap space is to make sure that it doesn't get picked off by an adversary _afterwards_. One, for instance, who simply steals the computer. -- Matthias Urlichs | noris network AG |