[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Freedomnet, Mac and Virtual Memory

To: "'cypherpunks@toad.com'" <cypherpunks@toad.com>
Subject: Freedomnet, Mac and Virtual Memory
From: potsmoker@alpha.freedom.net
Date: Thu, 11 Nov 1999 20:49:30 -0800



> Do Macs (and does your VPC) try to save CPU state to disk (which one)
> for recovery when the  power is cut?

In fact, someone else pointed out in private email something that I should have realized myself: There is a serious security risk in the form of the Mac's virtual memory swap file.  The entire VPC session is held in application ram, which can/will be written to disk in the swap file.  Even when the VPC application is exited and the PGP Disk dismounted, the Freedom keys may still reside (in cleartext!) in my swap file.  Even when the power is turned off, the swap file is still there.  (PGP Tools has a "Wipe Free Space" feature, but the swap file is, of course, not "free" as long as the OS is running.)

Zero Knowlege may have even gone to some trouble to make sure that keys are not swapped to the Windows swap file (depending on how paranoid they are -- I know PGP Disk does this), but VPC is unlikely to pass that "unswappable" status on to the Mac OS's memory manager.

Unfortunately, this is a major problem. Macs don't run well with Virtual memory turned off, period. And as far as I know, there is no way to get the Mac OS to put the swap file on a volume that is not mounted at boot time (i.e. a PGP Disk volume).

It seems possible that one could build a utility which wipes all unused ram, that could be run as a "clean up" task after VPC quits and gives back its memory. Kinda like PGP's disk space wiper, except it would have to deal with issues like the Mac's inability to allocate noncontiguous blocks to the same application, and it would have to find a way to find, fill and flush to disk each unused memory page -- preferrably several times in order to effectively obscure the previous value burned into the magnetic surface of the disk (by default, PGP Tools' wipe makes 8 passes).

Anyone have any better ideas?

______________________________________________________________________________
Total Internet privacy -- get your Freedom pseudonym at http://www.freedom.net

Prev by Date: [Fwd:] CypherPunks: Efficient Hardware DES.
Next by Date: weak encryption
Prev by thread: Re: Freedomnet, Mac and Virtual Memory
Next by thread: Re: Freedomnet, Mac and Virtual Memory
Index(es):
- Date
- Thread