[144532] in cryptography@c2.net mail archive
Re: password safes for mac
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Sun Jun 28 17:04:32 2009
To: Bill Frantz <frantz@pwpconsult.com>
Cc: cryptography@metzdowd.com
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 28 Jun 2009 16:43:18 -0400
In-Reply-To: <r02010500-1049-8D4EC4B5641E11DE9D2B0030658F0F64@[192.168.1.5]> (Bill Frantz's message of "Sun\, 28 Jun 2009 13\:02\:03 -0700")
Bill Frantz <frantz@pwpconsult.com> writes:
> perry@piermont.com (Perry E. Metzger) on Sunday, June 28, 2009 wrote:
>
>>It has problems. Among other things, it only mlocks your session key
>>itself into memory, leaving both the AES key schedule (oops!) and the
>>decrypted data (oops!) pageable into swap. (Why bother mlocking the text
>>of the key if you're not going to lock the key schedule?)
>
> You should probably use the encrypted swap feature on the Mac.
>
> System Preferences -> Security -> Use secure virtual memory.
Sure, but whether an application does mlock properly is a proxy
for whether other things are done properly. I looked at that because I
could do so in about five minutes without much fuss. Doing a proper
audit of 28klocs is otherwise not something one does casually.
Perry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
