On Mon, 14 May 2007 18:28, [EMAIL PROTECTED] said:

> (Developers familiar with swap-locked memory:  I'd appreciate at least a
> short explanation of how it works to someone who understands ISO C but
> not necessarily OS-specific APIs.  Can stack memory be locked, or only

Using mlock(2) it would be hard to lock the stack. But you can lock the
entire process against swapping.  gpg keeps all sensitive data on the
heap and if something ends up on the stack (parts of sensitive data
during computations), those variables are overwritten as soon as
possible.

> heap memory?  Would there be any way to load a whole, full-featured text
> editor, such as the 1.8MiB vim on my machine, entirely into locked RAM
> without screwing something up?)

mlockall(2).

> such problem is to install a whole-disk encryption solution.  That way,
> even if what you've got is paged out to disk, nobody can get to it while

Page file encryption is actually the best and easiest solution.  At the
time I designed gpg, this was not available on any free OS.


Shalom-Salam,

   Werner


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
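
The approach described in the reply above, sketched as an added C example (not part of the original message and not GnuPG's code): sensitive data lives in a heap buffer pinned with mlock(2), stack copies are overwritten right after use, and mlockall(2) is the whole-process alternative. The names `secbuf`, `wipe`, `secbuf_alloc`, `secbuf_free` and `lock_whole_process` are hypothetical, and the secret is a constructed sample.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
/* Hypothetical helper type: a heap buffer plus whether mlock(2) succeeded. */
struct secbuf { unsigned char *p; size_t len; int locked; };

/* Overwrite through a volatile pointer so the compiler cannot drop the stores. */
void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Allocate whole pages on the heap and try to pin them in RAM. */
int secbuf_alloc(struct secbuf *b, size_t want) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *mem = NULL;
    b->len = (want + page - 1) / page * page;   /* round up to full pages */
    if (posix_memalign(&mem, page, b->len) != 0) return -1;
    b->p = mem;
    /* mlock can fail (RLIMIT_MEMLOCK, privileges); record it, do not hide it. */
    b->locked = (mlock(b->p, b->len) == 0);
    return 0;
}

void secbuf_free(struct secbuf *b) {
    wipe(b->p, b->len);                  /* clear before the pages are reused */
    if (b->locked) munlock(b->p, b->len);
    free(b->p);
    b->p = NULL; b->len = 0; b->locked = 0;
}

/* Whole-process variant: current and future mappings, stack included. */
int lock_whole_process(void) { return mlockall(MCL_CURRENT | MCL_FUTURE); }

int main(void) {
    static const char sample[] = "constructed-sample-secret"; /* constructed */
    struct secbuf key;
    if (secbuf_alloc(&key, sizeof sample) != 0) return 1;
    if (!key.locked) fprintf(stderr, "warning: buffer may be swapped out\n");
    memcpy(key.p, sample, sizeof sample);
    unsigned char tmp[sizeof sample];    /* stack copy made during a computation */
    memcpy(tmp, key.p, sizeof tmp);
    wipe(tmp, sizeof tmp);               /* overwritten as soon as possible */
    secbuf_free(&key);
    return 0;
}
```

Whether `mlock` succeeds depends on the process's `RLIMIT_MEMLOCK` and privileges, which is why the example records the result in `locked` instead of assuming it.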
