On Saturday 31 July 2010 15:45:59 Cory Nelson wrote: > On Fri, Jul 30, 2010 at 9:58 AM, Matthew Toseland > <toad at amphibian.dyndns.org> wrote: > > On Friday 30 July 2010 17:02:35 Cory Nelson wrote: > >> I know that at least Windows lets you lock pages in RAM. ?Maybe Java > >> has a launch option that does this? ?Even better would be to use large > >> pages, which are more efficient (lowers overhead and TLB cache misses) > >> and are also locked in RAM. > > > > No, not practical given java is garbage collected, and not supported anyway > > afaik. Unless maybe some recent nio change? > > Large pages seem to work with -XX:+UseLargePages > > Found here: > http://www.oracle.com/technetwork/java/javase/tech/largememory-jsp-137182.html > http://www.oracle.com/technetwork/java/javase/tech/vmoptions-jsp-140102.html
Which has nothing whatsoever to do with what we are discussing. It is possible that there is some variant on ByteBuffer.allocateDirect() in a recent JVM that allows us to allocate some space that is locked in memory, which would provide additional confidentiality for keys. Anything that is just created as an object - *and that includes the temporary structures involved in encryption implemented in java* (whether by us or by sun) - is potentially swappable. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20100731/c3507ea6/attachment.pgp>