Passwords can sit on disk for years
Matt Crawford
crawdad at fnal.gov
Tue Jun 8 12:30:03 EDT 2004
On Jun 8, 2004, at 9:44, jdean at lsuhsc.edu wrote:
> And of course, the article didn't get it right. Because of optimizing
> compilers, it is *not* trivial to zero passwords.
The full paper does make that point.
http://www.stanford.edu/~talg/papers/USENIX04/abstract.html
Me, I run machines with no swap disk if they have important keys on
them, and aren't in a very secure facility. A master decryption key is
needed at boot time, of course.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list