password safes for mac

Perry E. Metzger perry at
Sun Jun 28 16:43:18 EDT 2009

Bill Frantz <frantz at> writes:
> perry at (Perry E. Metzger) on Sunday, June 28, 2009 wrote:
>>It has problems. Among other things, it only mlocks your session key
>>itself into memory, leaving both the AES key schedule (oops!) and the
>>decrypted data (oops!) pageable into swap. (Why bother mlocking the text
>>of the key if you're not going to lock the key schedule?)
> You should probably use the encrypted swap feature on the Mac.
> System Preferences -> Security -> Use secure virtual memory.

Sure, but whether an application does mlock properly is a proxy
for whether other things are done properly. I looked at that because I
could do so in about five minutes without much fuss. Doing a proper
audit of 28klocs is otherwise not something one does casually.


The Cryptography Mailing List