Linux security issues

Rev. Mark Grant mark at unicorn.com
Fri Oct 27 11:08:35 PDT 1995


On Thu, 26 Oct 1995, Bill Frantz wrote:

> However, the pass phrase is not the only dangerous information. 
> Intermediate forms used for decrypting the RSA private keys, and the
> decrypted RSA private keys also have to be protected.  The logic of PGP
> requires that it keep at least one of these around for a long time, so it
> will probably be written to swap space.

Couldn't you use mmap() to map a disk file into your address space, keep 
all your secret data in that part of the address space, and then 
carefully wipe that file before exiting ?

I guess you'd then have the problem that people could just read that file
(if they had the priviledges to do so) to find all the secret data rather
than having to trawl through the swap file though.. and you'd still have
to worry about disk buffering. So it probably wouldn't be a big
improvement. 

	Mark







More information about the cypherpunks-legacy mailing list