gnu-crypto-discuss

Re: [GNU Crypto] Passwords Immutable?


From: gnu-crypto-discuss
Subject: Re: [GNU Crypto] Passwords Immutable?
Date: Mon, 12 Apr 2004 21:58:12 -0600

On Mon, 12 Apr 2004 22:10:23 -0400, "Bryan Hoover" <address@hidden>
said:
> Casey Marshall wrote:
> > But there is always the issue of where sensitive objects are kept in
> > the JVM -- we essentially have no control over the memory management,
> > so we have no idea if cryptographic keys are swapped out to disk, or
> > if some other process is accessing them, etc.

On systems where inspection of swap is an issue, it should be encrypted.

> > Usually we at least want to prevent disk swapping, and would do that
> > via mlock, but would this be available to a Java program?

mlock is not a guarantee that a given page doesn't end up in swap -- it
only means that the locked pages are not discarded. In this way, UNIX
itself does not have a standardized way of preventing swapping. And mlock
is a privileged operation.

I am not sure about wiping memory & any associated swap pages: perhaps
mmap & msync will do the trick reliably on any UNIX, but I am afraid the
standards are phrased not sufficiently precisely.

-Hein
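
The lock-then-wipe handling of key material discussed in this thread, as an added C example that is not part of the original message: it records whether `mlock` succeeded instead of assuming it did, and zeroes the buffer before unmapping. `secret_region` and the `secret_*` functions are hypothetical names, and the key bytes are constructed.

```c
#define _DEFAULT_SOURCE   /* exposes MAP_ANONYMOUS under strict -std modes */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
/* secret_* names are hypothetical; mmap, mlock and munmap are the real calls. */
typedef struct {
    unsigned char *buf;
    size_t len;       /* mapped length, rounded up to whole pages */
    int locked;       /* 1 only if mlock succeeded */
    int lock_errno;   /* errno from a failed mlock, e.g. EPERM or ENOMEM */
} secret_region;

/* Map private anonymous pages and try to lock them; a failed lock is recorded. */
int secret_alloc(secret_region *r, size_t want) {
    long page = sysconf(_SC_PAGESIZE);
    memset(r, 0, sizeof *r);
    if (page <= 0 || want == 0) return -1;
    size_t len = (want + (size_t)page - 1) / (size_t)page * (size_t)page;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    *r = (secret_region){ .buf = p, .len = len };
    r->locked = (mlock(p, len) == 0);
    r->lock_errno = r->locked ? 0 : errno;
    return 0;
}

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
void secret_wipe(secret_region *r) {
    volatile unsigned char *p = r->buf;
    for (size_t i = 0; i < r->len; i++) p[i] = 0;
}

/* Wipe while the pages are still mapped, then unmap (munmap also releases the lock). */
void secret_free(secret_region *r) {
    if (!r->buf) return;
    secret_wipe(r);
    munmap(r->buf, r->len);
    memset(r, 0, sizeof *r);
}

int main(void) {
    secret_region r;
    if (secret_alloc(&r, 32) != 0) return 1;
    memcpy(r.buf, "constructed-demo-key", 20);   /* constructed sample secret */
    printf("locked=%d mlock_errno=%d\n", r.locked, r.lock_errno);
    secret_free(&r);
    return 0;
}
```

A caller that requires locked memory should treat `locked == 0` as a failure and inspect `lock_errno` rather than continuing with pageable key storage.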



