However, I think I trust gpg and it links to winpt. Also I noticed an old version of winpt used to decrypt a window to itself so its text would automatically become readable. With the latest version installed it seems to only decrypt to the clipboard. The Edit Clipboard dialog has a Clear button. Also the passphrase input prompt does print bullets instead of the letters you type, FWIW.
Possibly if someone is running virtualpc on a linux box they could scan the memory of the emulated windows machine by grepping /dev/mem as below.
Thank you all for your thoughts on this.
I just confirmed that in linux you can read much of the contents of an array after the program has ended, but that filling it with junk works. Well sort of proven it since I think I did find the test string in the source code and interpreted bits..
As toma suggests,#!/usr/bin/perl $a="snoopy"; $x="XXXXXX"; for (0..1000) { push(@s,"$a$_ " x 100); } exit 0; for (0..1001) { @s[$_] = "$x$_ " x 100); } @s = ();
Of course you should use strings instead, I can't because I am using a half-recovered trashed system to do this, yours should have the strings program.perl testmem cp /dev/mem /tmp/mymem grep -a snoopy /tmp/mymem | more reset (you will need this)
Comment out the exit 0 line to test. Haven't tried undef $a but I figure it is similar. You will have to change your test string as your memory gets dirtier the more times you run this. :|
In reply to Re: Re: security of garbage collection
by mattr
in thread security of garbage collection
by mattr
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |