Re: [GNU Crypto] Passwords Immutable?
From: gnu-crypto-discuss
Subject: Re: [GNU Crypto] Passwords Immutable?
Date: Mon, 12 Apr 2004 21:58:12 -0600
On Mon, 12 Apr 2004 22:10:23 -0400, "Bryan Hoover" <address@hidden>
said:
> Casey Marshall wrote:
> > But there is always the issue of where sensitive objects are kept in
> > the JVM -- we essentially have no control over the memory management,
> > so we have no idea if cryptographic keys are swapped out to disk, or
> > if some other process is accessing them, etc.
On systems where inspection of swap is an issue, it should be encrypted.
> > Usually we at least want to prevent disk swapping, and would do that
> > via mlock, but would this be available to a Java program?
mlock is not a guarantee that a given page doesn't end up in swap -- it
only means that the locked pages are not discarded. In this way, UNIX
itself does not have a standardized way of preventing swapping. And mlock
is a privileged operation.
I am not sure about wiping memory & any associated swap pages: perhaps
mmap & msync will do the trick reliably on any UNIX, but I am afraid the
standards are not phrased sufficiently precisely.
-Hein