On Fri, 14 Jan 2011 10:06, nils.faer...@kernelconcepts.de said: > So, what do you think, would it be worth the effort? > If it would help GnuPG and if you would like to use it I would offer to > implement it and try to push it upstream.
It would definitely be helpful because it makes a safe installation much easier. It will be used automagically and thus one does not need to fiddle with suspend scripts. All the password managers would benefit form that as they all have the same problem. The main threat model would be a stolen laptop with cached passphrases in suspend or hibernation mode. Might also be useful for smartphones. A counter argument will probably be: Just use kernel cyrpto and you don't need to worry. However, this is far more complex than a simple memset on suspend. I don't known what it takes in terms of discussion time to add a new flag to mmap as thar seems to be the easiest solution. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users