Insecure memory

[Matthias Urlichs]

Hi,

Bjoern Fischer:
> Personally I would not recommend a suid root gpg executable, even
> after looking into the privileged code w/o finding any flaw. If you
> cannot trust your computer or it's hard disk, you already have lost.

However, part of the point of ensuring that the passphrase / secret key
doesn't end up on swap space is to make sure that it doesn't get picked
off by an adversary _afterwards_. One, for instance, who simply steals
the computer.

-- 
Matthias Urlichs     |     noris network AG     |     http://smurf.noris.de/