On Wed, Feb 13, 2008 at 11:41:53AM +0100, Krzysztof Żelechowski wrote: > > Dnia 12-02-2008, Wt o godzinie 11:59 +0100, Anders Breindahl pisze: > > Hello, > > > > On 200802010958, Krzysztof Żelechowski wrote: > > > 1. The decrypted information must not make it to any persistent medium > > > > Use full-disk encryption, as has been stated before. That way, you can > > be confident that nothing leaks into unencrypted places, since such do > > not exist in the running system. > > Full disk encryption makes the system unnecessarily slow, > especially if applied to swap space. > I am seeking an intermediate solution for desktop computers > where the amount of confidential data is small. > The system as a whole should not be affected > (unless, of course, it is a dedicated device, > but that is another story).
I am under an stron impression that you want the system secure, without defining a coherent threat model. All the world's encryption and RAM-keeping won't protect you against TEMPEST. Sit back, define your threat: spooks? trojans? identity thieves? snoopy spouse? laptop thieves? You can't be secure against all possible threat. Decide which one you choose and concentrate on defending against this particular thread. Alex -- JID: [EMAIL PROTECTED] PGP: 0x46399138 od zwracania uwagi na detale są lekarze, adwokaci, programiści i zegarmistrze -- Czerski _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users