[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: new widgets...
From:       Marc Mutz <Marc.Mutz () uni-bielefeld ! de>
Date:       2002-09-27 10:01:20
[Download RAW message or body]


On Friday 27 September 2002 09:01, Ryan Cumming wrote:
> On September 26, 2002 23:30, Pupeno wrote:
> > But while it's in memory.
> > Supouse I write the password in a KPasswordEdit and then run
> > OpenOffice (sorry folks, just joking) or something like that, and
> > everything ends up swapped. the contents of KPasswordEdit (without
> > my patch) would end up swapped or I'm missing something important
> > here.
>
> The point is, if you write over it, it is no longer is memory, and
> therefor cannot be swapped.

Exactly. More precisely: You decrease the chance of it being swapped out 
if you wipe it after use. If you e.g. use Kmail's pgp code without 
"keep passphrase in memory", then the passphrase will be wiped as soon 
as it has been written to the passphrase-fd of gpg/pgp. If you 
installed gpg correctly, it will be able to mlock() it's own "secmem" 
and so the chance of swapping the passphrase to memory is minimized.

Marc

-- 
It is truly ironic that the United States, once the beacon for
promoting the principles of freedom of expression, is now
systematically infecting other countries with this dangerous public
policy choice [the DMCA] that will restrict more speech than any law
before it.    -- EFF FTAA Alert:
                 Stop Hollywood Forcing Technology Ban on 34 Countries

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]