Prosecution based on memory forensics
Werner Koch
wk at gnupg.org
Fri Jan 14 21:01:45 CET 2011
On Fri, 14 Jan 2011 10:06, nils.faerber at kernelconcepts.de said:
> So, what do you think, would it be worth the effort?
> If it would help GnuPG and if you would like to use it I would offer to
> implement it and try to push it upstream.
It would definitely be helpful because it makes a safe installation much
easier. It will be used automagically and thus one does not need to
fiddle with suspend scripts. All the password managers would benefit
form that as they all have the same problem.
The main threat model would be a stolen laptop with cached passphrases
in suspend or hibernation mode. Might also be useful for smartphones.
A counter argument will probably be: Just use kernel cyrpto and you
don't need to worry. However, this is far more complex than a simple
memset on suspend. I don't known what it takes in terms of discussion
time to add a new flag to mmap as thar seems to be the easiest solution.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list