Secure Memory Deletion
John Fricker
jfricker at vertexgroup.com
Sun Dec 1 20:14:23 PST 1996
Seems to me that the chip itself hardly a worry. memset() does the trick for the memory locations you are aware of. Any electrical or molecular level residues would be terribly difficult to sort out.
The OS provides ample opportunities for unknowns though. ie, Is there some structure in memory that has the data from the user interface object used to collect the passphrase? Is there a keyboard buffer storing the last several (dozen? hundred?) keystrokes? Can 100% security be achieved at all with our current OS's?
>Mark Rosen (mrosen at peganet.com) said something about Secure Memory Deletion on or about 12/1/96 4:49 PM
> Does anyone know any papers on secure deletion of things from
>memory? That
>is one thing that most people are oblivious to, though, if a program leaves
>your unencrypted passkey laying in memory or a buffer of your plaintext,
>then all the encryption in the world won't help. Should I overwrite the 32
>times specified for hard drives, or are RAM chips easier to clear? Thanks.
>
>End of message
--j
-----------------------------------
| John Fricker (jfricker at vertexgroup.com)
| -random notes-
| My PGP public key is available by sending me mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------
More information about the cypherpunks-legacy
mailing list