"Cloak", or Cloaca? :-)

Trei, Peter ptrei at rsasecurity.com
Wed Feb 27 09:52:23 EST 2002


> Ben Laurie[SMTP:ben at algroup.co.uk]
> 
> 
> Keyring and Strip are both programs that provide secure DBs on Palms.
> Keyring, at least, is free and open source.
> 
> However, since Palms have no MMU, there's no security against hostile
> other apps, which makes them pretty useless devices for this kind of
> purpose.
> 
I'm coming into this a bit late, but the security situation on PalmOS is not
quite as dire as you make out (at least thru OS 3.5, maybe later). The
reason
is that the OS is single-threaded, and does not have preemptive
multitasking.
The OS sends the current app a message, saying, essentially 'Shut down
now and let something else happen'. The app can take it's sweet time about
this, and delay things long enough to zeroize or encrypt any sensitive data.

Peter Trei

> The right answer, IMO, is EROS on an MMUed handheld device (not sure
> about the biometric aspect - as I've stated at tedious length before, I
> like my appendages and don't want to give people incentive to steal
> them), such as that thing that runs Linux whose name temporarily escapes
> me, or the new Sharp gadget. Or a Jornada if they ever make one small
> enough.
> We have the technology. All we need is someone to finance it.
> Cheers,
> Ben.
> 
> 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



More information about the cryptography mailing list