removing the secmem warning

Frank Tobin ftobin@neverending.org
Mon Jan 7 20:22:02 2002


Justin R. Miller, at 13:39 -0500 on 2002-01-07, wrote:

> Annoying it may be, it does raise the issue of secure memory, which is
> important to be aware of.

I'm not convinced this is true.  I truly wonder if 90% of GnuPG users care
if sensitive data is temporary swapped out.  I don't think that system
compromise+swapfile looking is in the threat model that most people
consider.

Remember, there are external OS facilities that can help minimize this
threat anyawys, such as encrypted swap.

> Perhaps we could work on better ways to to get the question answered.

Unfortunately, I haven't been able to think of one.  Command-line oriented
programs have a harder time displaying 'suggestions' or 'helpful hints'
without being obtrusive.

-- 
Frank Tobin		http://www.neverending.org/~ftobin/