Ryan Malayter wrote: > On 5/17/07, Alessandro Vesely <[EMAIL PROTECTED]> wrote: >> Not quite. That may happen as an undocumented side effect on some >> (or all) OS versions, and is not what the function is meant to do. > > The documentation clearly states: > "These pages are guaranteed not to be written to the pagefile while > they are locked."
Ooops, I hadn't noticed that. Yes, then VirtualAlloc and VirtualLock can be used to avoid leaving traces of sensitive data on the swap file in the way you described (i.e. lock before fill and sweep before unlock.) I still think that's not the kind of task that the function has been designed for. The authorization constrain you mentioned and other possible side effect tend to make it unpractical for naive usage. However, a background console app that allocates a few memory pages for storing sensitive data (e.g. a gpg agent?) should use it to increase data security. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
