Marc.Mutz at uni-bielefeld.de
Fri Sep 27 11:01:20 BST 2002
On Friday 27 September 2002 09:01, Ryan Cumming wrote:
> On September 26, 2002 23:30, Pupeno wrote:
> > But while it's in memory.
> > Supouse I write the password in a KPasswordEdit and then run
> > OpenOffice (sorry folks, just joking) or something like that, and
> > everything ends up swapped. the contents of KPasswordEdit (without
> > my patch) would end up swapped or I'm missing something important
> > here.
> The point is, if you write over it, it is no longer is memory, and
> therefor cannot be swapped.
Exactly. More precisely: You decrease the chance of it being swapped out
if you wipe it after use. If you e.g. use Kmail's pgp code without
"keep passphrase in memory", then the passphrase will be wiped as soon
as it has been written to the passphrase-fd of gpg/pgp. If you
installed gpg correctly, it will be able to mlock() it's own "secmem"
and so the chance of swapping the passphrase to memory is minimized.
It is truly ironic that the United States, once the beacon for
promoting the principles of freedom of expression, is now
systematically infecting other countries with this dangerous public
policy choice [the DMCA] that will restrict more speech than any law
before it. -- EFF FTAA Alert:
Stop Hollywood Forcing Technology Ban on 34 Countries
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
More information about the kde-core-devel