On Wed, 10 Mar 1999, David Tribble wrote:
> Bob> I don't think so. It really depends on what RAM does when it's unpowered.
>
> Who do I ask to find out what RAM does when it's unpowered?
It reverts to a random state, though dynamic memory might be all zeros or
ones since there will be no charge on the bits. But that does not
guarantee that the data won't be recoverable:
http://www.cs.auckland.ac.nz/~pgut001/secure_del.html
> Bob> Pretty drastic software though...
>
> Not as drastic as permanently leaving your Palm III in a classified area because it
>has classified data on it...
>
> Thanks Bob. Has anyone else fought the "Palm Computers and classified data" issue?
My form of the question is how do I dispose of PGP passphrases? It is
more of an issue on the desktop since there is a lot of space for viruses
and data to hide, and you don't take them with you. Having a virus on the
palm that required a conduit to transmit is a bit much.
On the palm, the problem is that the field you are editing might be
playing with the memory - resizing or copying for the keyboard dialog, or
something similar. And then there are the graphics.
The problem with the heaps is that wherever something might have been, it
might have been reallocated (but not every byte initialized), so a
passphrase might end up in a heap header or other data structure
somewhere.
I don't think there is a deterministic way to scrub memory (e.g. zero
everything, copy every database, delete the old copy, rename the new to
the old).
Nor is there a way to force things to use only areas of memory under your
control so you could clean them before unlocking (although Palm might
elaborate on this).
