On Thursday, May 11, 2017 at 1:47:35 PM UTC-5, Bram Moolenaar wrote:
> 
> The missing piece of information is how this is useful.  Keep in mind
> that the actual key is also in memory (so that it can be used when
> writing the file).  Not sure how clearing a derivative of it helps.
> 

I think it would be useful to clear any of the crypto information when it is no 
longer needed. Not just derivations of the key but the key itself should be 
cleared when no longer needed. The longer that sensitive information hangs 
around in memory, the more chances it gets written out to swap space. If 
someone has opened an encrypted file, then closed it after 10 seconds, it's 
still quite likely their sensitive data has not been written to swap. But if 
the data still hangs around in freed application memory that has not yet been 
re-used, when that same Vim session is still open 3 days from now then the 
sensitive data is almost certainly stored in swap space now.

As a side note, if Vim is not attempting to prevent in-use key data from 
getting swapped out, it probably should be.

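Added example, not part of the original message and not Vim's code: a minimal C sketch of the two measures discussed above, pinning in-use key material with `mlock()` so it is not swapped out, and wiping it before `free()` so it does not linger in freed heap memory. The `secret_t` type and the `secret_*` and `secure_wipe` names are hypothetical, and the key bytes are a constructed sample.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Hypothetical holder for key material; not a Vim data structure. */
typedef struct { unsigned char *buf; size_t len; int locked; } secret_t;

/* Zero through a volatile pointer so the stores are not optimized away. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = p;
    while (n--) *vp++ = 0;
}

/* Copy the key into a buffer we try to pin in RAM. Returns 0 on success. */
static int secret_init(secret_t *s, const unsigned char *key, size_t len)
{
    s->buf = malloc(len);
    if (s->buf == NULL) return -1;
    s->len = len;
    /* mlock() can fail (e.g. RLIMIT_MEMLOCK); record it so callers can warn. */
    s->locked = (mlock(s->buf, len) == 0);
    memcpy(s->buf, key, len);
    return 0;
}

/* Wipe first, then unlock and free, so freed heap never holds the key. */
static void secret_release(secret_t *s)
{
    if (s->buf == NULL) return;
    secure_wipe(s->buf, s->len);
    if (s->locked)
        munlock(s->buf, s->len);
    free(s->buf);
    s->buf = NULL; s->len = 0; s->locked = 0;
}

int main(void)
{
    unsigned char key[16] = "constructed-key";   /* constructed sample key */
    secret_t s;
    if (secret_init(&s, key, sizeof key) != 0) return 1;
    secure_wipe(key, sizeof key);                /* caller's copy is wiped too */
    printf("key pinned in RAM: %s\n", s.locked ? "yes" : "no");
    secret_release(&s);
    return 0;
}
```

`mlock()` and `munlock()` operate on whole pages, so code that holds several secrets normally gives them a dedicated page-aligned allocation rather than sharing heap pages with other data.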