| From | Robert Nichols <SEE_SIGNATURE@localhost.localdomain.invalid> |
|---|---|
| Newsgroups | comp.os.linux.security |
| Subject | Re: Securely erase files cached in memory (dm_crypt) |
| Date | 2012-01-12 10:35 -0600 |
| Organization | Exiguous |
| Message-ID | <jen23l$ank$1@omega-3a.local> (permalink) |
| References | <ecdb71e0-2505-40b3-ae21-b8e953645ecb@cf6g2000vbb.googlegroups.com> <87pqetb0lo.fsf@araminta.anjou.terraraq.org.uk> <5f89838b-00b3-4aaa-b826-c437dfc3bba6@p42g2000vbt.googlegroups.com> <jegcd5$lo8$1@theodyn.ncf.ca> <8ff227bf-6bb8-4fa6-8deb-2d8aee593f6a@ck5g2000vbb.googlegroups.com> |
On 01/11/2012 03:51 PM, bmearns wrote:
> On Jan 9, 10:47 pm, William Colls <william.co...@rogers.com> wrote:
>> I'm no expert in this, but it would seem to me, that once the program is
>> suspended, and the key removed, the program would also de-allocate any
>> memory it is holding, and on any kind of reasonably busy machine, that
>> memory is going to be fairly quickly re-allocated to something else and
>> overwritten. But I'm really just guessing.
>
> True, but I would think "fairly quickly" could still be a matter of
> hours left to its own devices. If I just use malloc to keep grabbing
> memory until the call fails, that should work, right? It will page
> anything it needs to keep, but those deallocated blocks of decrypted
> data should be fair game.

You would also have to perform some write operation in each page. Newly malloc()-ed memory starts out as a copy-on-write mmap() of /dev/zero.

--
Bob Nichols AT comcast.net I am "RNichols42"
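The point about writing to each page can be measured. The following is an added example, not part of the post or the thread: it maps anonymous memory and reports how far the process's resident set grows when the pages are left untouched, only read, or written once each. It assumes Linux with `/proc/self/statm` available and calls anonymous `mmap()` directly rather than going through `malloc()`; the names `touch_mode` and `rss_growth` are made up for the illustration.

```c
#define _DEFAULT_SOURCE 1            /* MAP_ANONYMOUS under strict -std= modes */
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>
enum touch_mode { TOUCH_NONE, TOUCH_READ, TOUCH_WRITE };   /* hypothetical names */
/* Resident set size in pages: second field of /proc/self/statm (Linux). */
static long resident_pages(void)
{
    long size, resident = -1;
    FILE *f = fopen("/proc/self/statm", "r");
    if (f && fscanf(f, "%ld %ld", &size, &resident) != 2)
        resident = -1;
    if (f)
        fclose(f);
    return resident;
}

/* Map npages, touch one byte per page as requested, return RSS growth in pages. */
long rss_growth(size_t npages, enum touch_mode mode)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t len = npages * page;
    long before = resident_pages();
    if (before < 0)
        return -1;
    volatile unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    for (size_t off = 0; off < len; off += page) {
        if (mode == TOUCH_READ)
            (void)p[off];            /* read fault: no private frame is allocated */
        else if (mode == TOUCH_WRITE)
            p[off] = 0xA5;           /* write fault: kernel must supply a private frame */
    }
    long after = resident_pages();
    munmap((void *)p, len);
    return after < 0 ? -1 : after - before;
}

int main(void)
{
    static const char *name[] = { "untouched", "read only", "written" };
    size_t n = (32u << 20) / (size_t)sysconf(_SC_PAGESIZE);   /* 32 MiB */
    for (int m = TOUCH_NONE; m <= TOUCH_WRITE; m++)
        printf("%-9s: +%ld of %zu pages resident\n", name[m], rss_growth(n, m), n);
    return 0;
}
```

Only the written case forces the kernel to hand out physical frames, which is the precondition for overwriting whatever those frames held before.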
Securely erase files cached in memory (dm_crypt) bmearns <mearns.b@gmail.com> - 2012-01-08 08:53 -0800
Re: Securely erase files cached in memory (dm_crypt) Richard Kettlewell <rjk@greenend.org.uk> - 2012-01-09 11:02 +0000
Re: Securely erase files cached in memory (dm_crypt) bmearns <mearns.b@gmail.com> - 2012-01-09 19:04 -0800
Re: Securely erase files cached in memory (dm_crypt) William Colls <william.colls@rogers.com> - 2012-01-09 22:47 -0500
Re: Securely erase files cached in memory (dm_crypt) bmearns <mearns.b@gmail.com> - 2012-01-11 13:51 -0800
Re: Securely erase files cached in memory (dm_crypt) Richard Kettlewell <rjk@greenend.org.uk> - 2012-01-11 22:09 +0000
Re: Securely erase files cached in memory (dm_crypt) bmearns <mearns.b@gmail.com> - 2012-01-11 14:23 -0800
Re: Securely erase files cached in memory (dm_crypt) unruh <unruh@invalid.ca> - 2012-01-12 01:54 +0000
Re: Securely erase files cached in memory (dm_crypt) bmearns <mearns.b@gmail.com> - 2012-01-13 10:21 -0800
Re: Securely erase files cached in memory (dm_crypt) Jim Beard <jdbeard@patriot.net> - 2012-06-14 08:51 -0400
Re: Securely erase files cached in memory (dm_crypt) Robert Nichols <SEE_SIGNATURE@localhost.localdomain.invalid> - 2012-01-12 10:35 -0600
Re: Securely erase files cached in memory (dm_crypt) Alexander Schreiber <als@usenet.thangorodrim.de> - 2012-01-15 23:20 +0100
Re: Securely erase files cached in memory (dm_crypt) Aragorn <stryder@telenet.be.invalid> - 2012-01-16 00:16 +0100