Hello.

On Fri, Jan 14, 2011 at 09:01:45PM +0100, Werner Koch wrote:
> On Fri, 14 Jan 2011 10:06, nils.faer...@kernelconcepts.de said:
>
> > So, what do you think, would it be worth the effort?
> > If it would help GnuPG and if you would like to use it I would offer to
> > implement it and try to push it upstream.
>
> It would definitely be helpful because it makes a safe installation much
> easier. It will be used automagically and thus one does not need to
> fiddle with suspend scripts. All the password managers would benefit
> from that as they all have the same problem.
>
> The main threat model would be a stolen laptop with cached passphrases
> in suspend or hibernation mode. Might also be useful for smartphones.
>
> A counter argument will probably be: Just use kernel crypto and you
> don't need to worry. However, this is far more complex than a simple
> memset on suspend. I don't know what it takes in terms of discussion
> time to add a new flag to mmap as that seems to be the easiest solution.

Discussion, yes - tough one I think. If you mean by that pushing syscall
modification to mainstream - it's not easy :/ (not mentioning doing it for
multiple kernels + waiting for upgrade of libcs or doing workarounds).
So being probably the easiest way, it's not an easy way at all.

Some projects are distributing a userland piece of code with a kernel
module - perhaps this is the way to introduce your idea?

--
Regards,
Milo