No Subject

Anonymous nowhere at bsu-cs.bsu.edu
Sat Feb 12 21:41:10 PST 1994


 Developers using the current version of PGPtools
should becareful to add keyspace FIFO and passphrase
"burns" to their applications to insure that
security critical information is NOT left carelessly
in memory... while PGP 2.3A is VERY scrupulous,
PGPTools package does NOT have sufficient internal checks and "burns"
at present...this is left to the developer at pressent...
I also noted a fifo_unlink routine where a burn should
be performed prior to the unlink from the FIFO queue...


       Anon






More information about the cypherpunks-legacy mailing list