Re: Security of data in memory
From: Chris Holloway (chrisholl@btinternet.com)Date: 01/16/02
- Previous message: Ben Laurie: "Re: URL for Yarrow PRNG"
- Next in thread: Matthew Cline: "Re: Security of data in memory"
- Reply: Matthew Cline: "Re: Security of data in memory"
- Reply: redhat: "Re: Security of data in memory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Chris Holloway <chrisholl@btinternet.com> To: secprog@securityfocus.com Date: 16 Jan 2002 12:17:11 +0000
Peter Gutmann's paper 'Secure Deletion of Data from Magnetic and
Solid-State Memory'
(http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html) has
sections on the recovery and erasure of data stored in RAM. Perhaps you
should also disable core dumps with setrlimit? HTH.
-Chris Holloway.
On Tue, 2001-12-25 at 13:31, Nicholas Brawn wrote:
> I have a unix program that reads in an encrypted file, decrypts it and
> works on it whilst in memory. What security considerations should I be
> aware of? I'm thinking of things like clearing the decrypted buffer
> prior to exiting, not storing any of the data in a temporary file, etc.
>
> Cheers,
> Nick
>
> --
> Real friends help you move bodies.
>
- Previous message: Ben Laurie: "Re: URL for Yarrow PRNG"
- Next in thread: Matthew Cline: "Re: Security of data in memory"
- Reply: Matthew Cline: "Re: Security of data in memory"
- Reply: redhat: "Re: Security of data in memory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
