Bill Frantz <[email protected]> writes: > [email protected] (Perry E. Metzger) on Sunday, June 28, 2009 wrote: > >>It has problems. Among other things, it only mlocks your session key >>itself into memory, leaving both the AES key schedule (oops!) and the >>decrypted data (oops!) pageable into swap. (Why bother mlocking the text >>of the key if you're not going to lock the key schedule?) > > You should probably use the encrypted swap feature on the Mac. > > System Preferences -> Security -> Use secure virtual memory.
Sure, but whether an application does mlock properly is a proxy for whether other things are done properly. I looked at that because I could do so in about five minutes without much fuss. Doing a proper audit of 28klocs is otherwise not something one does casually. Perry --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [email protected]
