password safes for mac
Perry E. Metzger
perry at piermont.com
Sun Jun 28 16:43:18 EDT 2009
Bill Frantz <frantz at pwpconsult.com> writes:
> perry at piermont.com (Perry E. Metzger) on Sunday, June 28, 2009 wrote:
>
>>It has problems. Among other things, it only mlocks your session key
>>itself into memory, leaving both the AES key schedule (oops!) and the
>>decrypted data (oops!) pageable into swap. (Why bother mlocking the text
>>of the key if you're not going to lock the key schedule?)
>
> You should probably use the encrypted swap feature on the Mac.
>
> System Preferences -> Security -> Use secure virtual memory.
Sure, but whether an application does mlock properly is a proxy
for whether other things are done properly. I looked at that because I
could do so in about five minutes without much fuss. Doing a proper
audit of 28klocs is otherwise not something one does casually.
Perry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list