Michael Catanzaro <mcatanz...@gnome.org> wrote:
> Oh, GNOME keyring still works mostly fine, it just fails to lock the
> memory to prevent it from being paged to disk. It only really matters
> if you're running some ultra-secure military/government stuff, but it's
> not how it was designed to work.

Although I can't find a source now, I seem to recall that GnuPG recently stopped using special memory-locking widgets for its passphrase entry dialog. One of the reasons mentioned was that mlock doesn't add much security because hibernation will write even locked memory to the disk.

I think encrypting the swap partition (and the rest of the disk) is a better way of protecting secrets. Ultra-secure military stuff should probably just have enough RAM and no swap partition.

mlock seems better suited for time-critical algorithms, like preventing skips in audio like Thomas mentioned. The limit should be chosen with that kind of usage in mind.

Björn Persson
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
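
The failure mode discussed in this thread, as an added example that is not from the original messages or from GNOME keyring's code: a program tries to mlock a passphrase buffer, works out whether the memlock limit was the cause, and carries on with the buffer unlocked. It assumes the limit in question is RLIMIT_MEMLOCK on Linux; the function names and the 4096-byte buffer are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/resource.h>

enum lock_result { LOCKED, OVER_LIMIT, NOT_PERMITTED, LOCK_FAILED };

/* Does a request of len bytes fit under the soft memlock limit? */
int fits_limit(size_t len, rlim_t soft) {
    return soft == RLIM_INFINITY || (rlim_t)len <= soft;
}

/* Map an mlock() errno to a cause, given the soft limit in force. */
enum lock_result classify(int err, size_t len, rlim_t soft) {
    if (err == EPERM)
        return NOT_PERMITTED;   /* soft limit is 0 and no CAP_IPC_LOCK */
    if (err == ENOMEM && !fits_limit(len, soft))
        return OVER_LIMIT;      /* this request alone exceeds the limit */
    return LOCK_FAILED;         /* limit already used up, EAGAIN, ... */
}

/* Try to pin buf in RAM. On failure the caller keeps using the buffer
 * unlocked, so it can still be paged out to swap. */
enum lock_result lock_secret(void *buf, size_t len) {
    struct rlimit rl;
    if (mlock(buf, len) == 0)
        return LOCKED;
    int err = errno;            /* save before getrlimit() can change it */
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0)
        return LOCK_FAILED;
    return classify(err, len, rl.rlim_cur);
}

/* Constructed stand-in for a secret; hypothetical size. */
enum lock_result demo(void) {
    static unsigned char passphrase[4096];
    enum lock_result r = lock_secret(passphrase, sizeof passphrase);
    if (r == LOCKED)
        munlock(passphrase, sizeof passphrase);
    return r;
}

int main(void) {
    static const char *why[] = { "locked", "over RLIMIT_MEMLOCK",
                                 "not permitted", "mlock failed" };
    printf("passphrase buffer: %s\n", why[demo()]);
    return 0;
}
```

Even the `LOCKED` result only keeps the pages out of swap during normal paging; it does not stop hibernation from writing them to disk.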