| From | bmearns <mearns.b@gmail.com> |
|---|---|
| Newsgroups | comp.os.linux.security |
| Subject | Re: Securely erase files cached in memory (dm_crypt) |
| Date | 2012-01-11 13:51 -0800 |
| Organization | http://groups.google.com |
| Message-ID | <8ff227bf-6bb8-4fa6-8deb-2d8aee593f6a@ck5g2000vbb.googlegroups.com> (permalink) |
| References | <ecdb71e0-2505-40b3-ae21-b8e953645ecb@cf6g2000vbb.googlegroups.com> <87pqetb0lo.fsf@araminta.anjou.terraraq.org.uk> <5f89838b-00b3-4aaa-b826-c437dfc3bba6@p42g2000vbt.googlegroups.com> <jegcd5$lo8$1@theodyn.ncf.ca> |

On Jan 9, 10:47 pm, William Colls <william.co...@rogers.com> wrote:
> On 01/09/2012 10:04 PM, bmearns wrote:
[snip]
> > Thanks, Richard. I guess it makes sense that the data would not be
> > swapped: as far as the kernel knows, any file data it's cached is
> > already on disk, it would be pointless to put it on another disk by
> > swapping.
> >
> > So now I just have to worry about anything cached in RAM, which is a
> > bummer, because the whole point of this is to purge all the data
> > without having to power cycle.
> >
> > -Brian
>
> I'm no expert in this, but it would seem to me, that once the program is
> suspended, and the key removed, the program would also de-allocate any
> memory it is holding, and on any kind of reasonably busy machine, that
> memory is going to be fairly quickly re-allocated to something else and
> overwritten. But I'm really just guessing.

True, but I would think "fairly quickly" could still be a matter of
hours left to its own devices. If I just use malloc to keep grabbing
memory until the call fails, that should work, right? It will page
anything it needs to keep, but those deallocated blocks of decrypted
data should be fair game.
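
The malloc idea in the post depends on when Linux actually assigns physical pages to a process. The C program below is an added example, not part of the original post: it compares resident-set growth after `malloc` alone with growth after writing one byte to every page. The function names and the 48 MiB size are assumptions chosen for illustration, and it relies on Linux's `/proc/self/statm`.

```c
/* Added example (not from the thread). Linux-only: reads /proc/self/statm. */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Resident set size of this process in KiB (field 2 of /proc/self/statm). */
static long rss_kib(void)
{
    long total = 0, resident = -1;
    FILE *f = fopen("/proc/self/statm", "r");
    if (!f)
        return -1;
    if (fscanf(f, "%ld %ld", &total, &resident) != 2)
        resident = -1;
    fclose(f);
    return resident < 0 ? -1 : resident * (sysconf(_SC_PAGESIZE) / 1024);
}

/* Allocate `bytes` with malloc, optionally write one byte to every page,
 * and return how far the resident set grew (KiB) before the block is freed.
 * Returns -1 if the allocation or the /proc read fails. */
long rss_growth_kib(size_t bytes, int touch)
{
    long page = sysconf(_SC_PAGESIZE);
    long before = rss_kib();
    unsigned char *buf = malloc(bytes);
    if (!buf || before < 0) {
        free(buf);
        return -1;
    }
    if (touch) {
        /* volatile keeps the compiler from discarding the stores */
        volatile unsigned char *p = buf;
        for (size_t off = 0; off < bytes; off += (size_t)page)
            p[off] = 0xAA;
    }
    long after = rss_kib();
    free(buf);
    return after < 0 ? -1 : after - before;
}

int main(void)
{
    size_t size = 48u * 1024 * 1024;   /* constructed test size: 48 MiB */
    printf("malloc only      : RSS +%ld KiB\n", rss_growth_kib(size, 0));
    printf("malloc + touching: RSS +%ld KiB\n", rss_growth_kib(size, 1));
    return 0;
}
```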