From: Anonymous <nowhere@bsu-cs.bsu.edu>
Date: Sat, 12 Feb 94 21:41:10 PST
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9402130533.AA09054@bsu-cs.bsu.edu>
MIME-Version: 1.0
Content-Type: text/plain


 Developers using the current version of PGPtools
should becareful to add keyspace FIFO and passphrase
"burns" to their applications to insure that
security critical information is NOT left carelessly
in memory... while PGP 2.3A is VERY scrupulous,
PGPTools package does NOT have sufficient internal checks and "burns"
at present...this is left to the developer at pressent...
I also noted a fifo_unlink routine where a burn should
be performed prior to the unlink from the FIFO queue...


       Anon