Michael Catanzaro <mcatanzaro@xxxxxxxxx> wrote:
> Oh, GNOME keyring still works mostly fine, it just fails to lock the
> memory to prevent it from being paged to disk. It only really matters
> if you're running some ultra-secure military/government stuff, but it's
> not how it was designed to work.

Although I can't find a source now, I seem to recall that GnuPG recently stopped using special memory-locking widgets for its passphrase entry dialog. One of the reasons mentioned was that mlock doesn't add much security because hibernation will write even locked memory to the disk.

I think encrypting the swap partition (and the rest of the disk) is a better way of protecting secrets. Ultra-secure military stuff should probably just have enough RAM and no swap partition.

mlock seems better suited for time-critical algorithms, like preventing skips in audio like Thomas mentioned. The limit should be chosen with that kind of usage in mind.

Björn Persson
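
The behaviour discussed in this message, as an added example that is not part of the original e-mail and is not GNOME keyring's or GnuPG's code: a secret buffer that attempts mlock(), records a failure caused by a low locked-memory limit instead of aborting, and wipes itself on release. The names `secret_buf`, `secret_alloc` and `secret_free` are hypothetical, and the passphrase is a constructed sample.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS on glibc */
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type for this example. */
struct secret_buf {
    void  *p;
    size_t len;        /* rounded up to whole pages */
    int    locked;     /* 1 if mlock() succeeded */
    int    lock_errno; /* errno from mlock() when it failed, else 0 */
};

/* Allocate whole pages and try to lock them. A failed mlock(), for
 * example when RLIMIT_MEMLOCK is too low, is recorded, not fatal. */
int secret_alloc(struct secret_buf *b, size_t n)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    b->len = (n + pg - 1) / pg * pg;
    b->p = mmap(NULL, b->len, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (b->p == MAP_FAILED) { b->p = NULL; return -1; }
    b->locked = (mlock(b->p, b->len) == 0);
    b->lock_errno = b->locked ? 0 : errno;
    return 0;
}

/* Wipe through a volatile pointer so the stores are not optimised
 * away, then unmap (munmap also drops the lock). */
void secret_free(struct secret_buf *b)
{
    volatile unsigned char *v = b->p;
    for (size_t i = 0; i < b->len; i++) v[i] = 0;
    munmap(b->p, b->len);
    b->p = NULL; b->len = 0; b->locked = 0;
}

int main(void)
{
    struct secret_buf b;
    if (secret_alloc(&b, 64) != 0) { perror("mmap"); return 1; }
    if (!b.locked)   /* keep working, but tell the operator */
        fprintf(stderr, "warning: secret may be paged out: %s\n",
                strerror(b.lock_errno));
    /* Locked or not, hibernation still writes this page to disk. */
    strcpy(b.p, "constructed-sample-passphrase");
    secret_free(&b);
    return 0;
}
```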