Implications of using insecure memory
Atom 'Smasher'
atom at suspicious.org
Sun Oct 3 05:14:32 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Sat, 2 Oct 2004 shatadal at vfemail.net wrote:
> As a new user I want to know what are the implications of using gpg with
> insecure memory in windows and linux, how serious are they and what
> steps can I take to improve security? Does insecure memory mean that I
> should not use gpg on sych systems?
=================
it means that sensitive information, such as a passphrase or secret key
*might* be written to a disk swap space. if that happens, and someone
stole your HD, they could search the disk and maybe find something that
could compromise your key.
i dunno about windoze, but on *nix you can solve this by setuid-ing the
gpg binary... that would force it to only use secure memory (RAM) and not
write to disk swap.
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"Microsoft shouldn't be broken up. It should be shut down."
-- Bruce Schneier, 15 May 2000
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBX26dAAoJEAx/d+cTpVcikMwIAKed2kI0PgpxvWUc2OsTKMHg
iSK7aLRDHPcyBCCpr7wIOkujN5xlNQdCCyWNY/gzLLb1Vl7YzDLRWcMKH/Gt47kK
chl3iqCNtz8xIveUvR9UITCkIVzmlmVkSpAkxwpSR67vHR2b1aVrWruv4gyNYlly
2vEECFQBiG9jYaoyVlQqd+neqEqJoT/gISVqfx7RJLXCFAxuBTKHKg9aHc9InuoY
FCo2VHExwPzwQBfJ7i6wHvTCnhaq5tfZNJhZRsvB1t3nrNRzWE4nIi26cwmlUiWo
DuoqQP4YfeftlNtr5UZ/jGG/MOVMHY5hzZH+p5HOvMfx2xTdUIK2xibJAB8aOiw=
=QzL/
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list