Of course, to make this work you have to
have "secure" versions of all apps that
are expected to handle sensitive data,
such that nothing is written to a database
except in the encrypted form.

-- 
-Richard M. Hartman
[EMAIL PROTECTED]

186,000 mi./sec ... not just a good idea, it's the LAW!


> -----Original Message-----
> From: Richard Hartman 
> 
> Here's a thought: if all classified data is
> encrypted as it is stored (see for example
> the program "Mobile Account Manager") then
> you don't -have- to wipe the RAM as long as
> you can ensure that the encryption key is
> removed.  Any remaining data you could find
> by poking around in RAM would be useless
> without the key.
> 
> -- 
> -Richard M. Hartman
> [EMAIL PROTECTED]
> 
> 186,000 mi./sec ... not just a good idea, it's the LAW!
> 
> 
> > -----Original Message-----
> > From: David Tribble [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, March 10, 1999 4:01 PM
> > To: '[EMAIL PROTECTED]'
> > Subject: RE: Slicking Memory on a Palm III
> > 
> > 
> > From Richard Hartman:
> > 
> > > How's this then: don't leave the Pilot, but leave the 
> memory board.
> > 
> > Most of our users will be on Palm III or better.  And I don't 
> > think the person buying into this would appreciate having the 
> > price jacked up for duplicate memory boards.
> > 
> > > If they're that stiff on security, I don't know that they'd 
> > believe than any ram-wipe app really wiped the ram anyway...
> > 
> > True.  NSA is the authority for this stuff (de-classifying 
> > machines), but we're investigating for ourselves.
> > 
> > From Tom Zerucha:
> > 
> > >> Who do I ask to find out what RAM does when it's unpowered?
> > >
> > > It reverts to a random state, though dynamic memory might be all
> > > zeros or ones since there will be no charge on the bits.  But that
> > > does not guarantee that the data won't be recoverable:
> > > http://www.cs.auckland.ac.nz/~pgut001/secure_del.html
> > 
> > Wow... that is good information.  Thanks Tom.  Unfortunately 
> > I don't have any suggestions on the PGP passphrase problem.
> > 
> > Thanks everyone.
> > 
> > trib
> > ---------------------------------------------------------------
> > David Tribble, INRI Hawaii - [EMAIL PROTECTED]
> > 808.625.2118 (v)  808.625.6315 (f)
> > 
> > 
> > 
> 

Reply via email to