Re: Security of data in memory

From: Chris Holloway (chrishollat_private)
Date: Wed Jan 16 2002 - 04:17:11 PST

Next message: Matthew Cline: "Re: Security of data in memory"

Previous message: Ben Laurie: "Re: URL for Yarrow PRNG"
Next in thread: Matthew Cline: "Re: Security of data in memory"
Reply: Matthew Cline: "Re: Security of data in memory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Peter Gutmann's paper 'Secure Deletion of Data from Magnetic and
Solid-State Memory'
(http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html) has
sections on the recovery and erasure of data stored in RAM. Perhaps you
should also disable core dumps with setrlimit? HTH.

-Chris Holloway.

On Tue, 2001-12-25 at 13:31, Nicholas Brawn wrote:
> I have a unix program that reads in an encrypted file, decrypts it and 
> works on it whilst in memory. What security considerations should I be 
> aware of? I'm thinking of things like clearing the decrypted buffer 
> prior to exiting, not storing any of the data in a temporary file, etc.
> 
> Cheers,
> Nick
> 
> --
> Real friends help you move bodies.
>

Next message: Matthew Cline: "Re: Security of data in memory"
Previous message: Ben Laurie: "Re: URL for Yarrow PRNG"
Next in thread: Matthew Cline: "Re: Security of data in memory"
Reply: Matthew Cline: "Re: Security of data in memory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 16 2002 - 15:37:37 PST