Prosecution based on memory forensics

Nils Faerber nils.faerber at
Fri Jan 14 10:06:18 CET 2011


Am 14.01.2011 09:34, schrieb Werner Koch:
> On Thu, 13 Jan 2011 11:50, nils.faerber at said:
>> I could write a very simple driver which provides a mmap()able memory
>> area which the application can use, protected by the kernel, and which
>> will be automatically cleared upon suspend.
>> Would that solve the problem?
> Yes.

Hmm... cool ;)

>> How much memory are we talking about here? Bytes? Kbytes? Or Mbytes?
> For gpg-agent: 32 bytes.  One memory page should be enough for any
> process.

So, what do you think, would it be worth the effort?
If it would help GnuPG and if you would like to use it I would offer to
implement it and try to push it upstream.

> Salam-Shalom,
>    Werner

kernel concepts GbR        Tel: +49-271-771091-12
Sieghuetter Hauptweg 48
D-57072 Siegen             Mob: +49-176-21024535

More information about the Gnupg-users mailing list