1996-12-02 - RE: Secure Memory Deletion

Header Data

From: John Fricker <jfricker@vertexgroup.com>
To: cypherpunks@toad.com
Message Hash: c9bc31c3d2b8312346ff99232c264ab22431cade47ec8dc687954102172e286d
Message ID: <19961202041344041.AAA120@dev.vertexgroup.com>
Reply To: N/A
UTC Datetime: 1996-12-02 04:14:23 UTC
Raw Date: Sun, 1 Dec 1996 20:14:23 -0800 (PST)

Raw message

From: John Fricker <jfricker@vertexgroup.com>
Date: Sun, 1 Dec 1996 20:14:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Secure Memory Deletion
Message-ID: <19961202041344041.AAA120@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain

Seems to me that the chip itself is hardly a worry. memset() does the trick for the memory locations you are aware of. Any electrical or molecular level residues would be terribly difficult to sort out.

The OS provides ample opportunities for unknowns though, i.e., is there some structure in memory that has the data from the user interface object used to collect the passphrase? Is there a keyboard buffer storing the last several (dozen? hundred?) keystrokes? Can 100% security be achieved at all with our current OSes?

>Mark Rosen (mrosen@peganet.com) said something about Secure Memory Deletion on or about 12/1/96 4:49 PM

>	Does anyone know any papers on secure deletion of things from memory? That
>is one thing that most people are oblivious to, though, if a program leaves
>your unencrypted passkey lying in memory or a buffer of your plaintext,
>then all the encryption in the world won't help. Should I overwrite the 32
>times specified for hard drives, or are RAM chips easier to clear? Thanks.
>End of message

| John Fricker (jfricker@vertexgroup.com)
| -random notes-
| My PGP public key is available by sending me mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
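
An added example, not part of the original message: wiping every copy of a passphrase the program itself knows about (the caller's buffer and a working copy), using volatile stores so an optimizing compiler does not drop the wipe as a dead store. The names secure_wipe, is_wiped, toy_derive and use_and_wipe are hypothetical, and toy_derive is a stand-in hash, not a real key derivation function.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Zero n bytes at p. The volatile-qualified pointer forces every store to be
   emitted, even when the buffer is never read again afterwards. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = p;
    while (n--) *vp++ = 0;
}

/* Return 1 if all n bytes at p are zero. */
static int is_wiped(const void *p, size_t n)
{
    const unsigned char *b = p;
    while (n--) if (*b++) return 0;
    return 1;
}

/* Stand-in for key derivation: 32-bit FNV-1a, NOT a real KDF (assumption). */
static uint32_t toy_derive(const char *s)
{
    uint32_t h = 2166136261u;
    while (*s) { h ^= (unsigned char)*s++; h *= 16777619u; }
    return h;
}

/* Copy the passphrase into a working buffer, derive a key from it, then wipe
   both copies. The input is wiped even on failure (unterminated or too long).
   Returns 1 only if a key was derived and both buffers read back as zero. */
static int use_and_wipe(char *input, size_t cap, uint32_t *key_out)
{
    char work[64];
    const char *nul = memchr(input, 0, cap);
    size_t len = nul ? (size_t)(nul - input) : cap;
    int ok = 0;
    if (nul && len < sizeof work) {
        memcpy(work, input, len + 1);
        *key_out = toy_derive(work);
        secure_wipe(work, sizeof work);
        ok = is_wiped(work, sizeof work);
    }
    secure_wipe(input, cap);
    return ok && is_wiped(input, cap);
}

int main(void)
{
    char pass[64] = "correct horse battery staple"; /* constructed sample input */
    uint32_t key = 0;
    int ok = use_and_wipe(pass, sizeof pass, &key);
    printf("key=%08x wiped=%d\n", (unsigned)key, ok);
    return ok ? 0 : 1;
}
```

This covers only buffers the program owns; copies held by the OS, such as UI objects or keyboard buffers, are outside its reach.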