[144534] in cryptography@c2.net mail archive
Re: password safes for mac
daemon@ATHENA.MIT.EDU (Bill Frantz)
Sun Jun 28 17:05:58 2009
Date: Sun, 28 Jun 2009 13:02:03 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: "Perry E. Metzger" <perry@piermont.com>, cryptography@metzdowd.com
In-Reply-To: <87eit4np9m.fsf@snark.cb.piermont.com>
perry@piermont.com (Perry E. Metzger) on Sunday, June 28, 2009 wrote:
>It has problems. Among other things, it only mlocks your session key
>itself into memory, leaving both the AES key schedule (oops!) and the
>decrypted data (oops!) pageable into swap. (Why bother mlocking the text
>of the key if you're not going to lock the key schedule?)
You should probably use the encrypted swap feature on the Mac.
System Preferences -> Security -> Use secure virtual memory.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | gets() remains as a monument | Periwinkle
(408)356-8506 | to C's continuing support of | 16345 Englewood Ave
www.pwpconsult.com | buffer overruns. | Los Gatos, CA 95032
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
