Robert Graham Merkel <[EMAIL PROTECTED]> writes:
> That all sounds quite solid reasoning to me. I've taken a security
> class, which didn't teach us all that much about how to design
> secure systems, but was quite good at showing just how easy it was
> to make insecure ones.
Yea.. I do computer security for a living (I do Linux hacking in my
free time ;) It is way too easy for someone to create an insecure
system. There are just too many pitfalls for someone to fall into.
Mind if I ask where you took a class and who taught it?
> Of course, I hope that anyone who encrypts their gnucash data
> remembers to also encrypt their swap file . . .
Well, if you have enough RAM this isn't an issue... ;)
There was a good paper at Usenix Security Symposium last month
about Swapfile Encryption. The code may even be available..
Please, don't ask me for a URL, I don't have one.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL N1NWH
[EMAIL PROTECTED] PGP key available
_______________________________________________
gnucash-devel mailing list
[EMAIL PROTECTED]
http://www.gnumatic.com/cgi-bin/mailman/listinfo/gnucash-devel
