in reply to Can I do secure memory management in Perl scripts for cryptographic applications?

I think that if you are really that paranoid about the content of the data you decoded (and you may very well have good reasons for it) then you should program this in the lowest level code possible (assembler anyone?) and even forego the use of all OS-calls since you can never be sure if and where they get intercepted, sidetracked or otherwise (ab)used in a way contrary to your security needs.

CountZero

"If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

Re^2: Can I do secure memory management in Perl scripts for cryptographic applications?
by radiantmatrix (Parson) on Jan 23, 2007 at 05:18 UTC

    Well, I'm not that paranoid. I understand (as will my customers) that while the text is displayed, any rogue app/etc. that might be on the machine could access it -- if nothing else, by capturing the screen buffer.

    All I'm really looking for in terms of safety is that when the cleartext display is destroyed, being reasonably certain that it's not still lurking about in some easy-to-retrieve place. I'm willing to live with it remaining in swap (encrypting swap is so damned easy these days...), but would not want it hanging about in RAM.

    <radiant.matrix>
    Ramblings and references
    The Code that can be seen is not the true Code
    I haven't found a problem yet that can't be solved by a well-placed trebuchet
      (encrypting swap is so damned easy these days...)

      and then you have that encryption key somewhere in RAM...

      --shmem

      _($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                                    /\_¯/(q    /
      ----------------------------  \__(m.====·.(_("always off the crowd"))."·
      ");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}

        Yeah, it's enough to make you scream, isn't it? :-) At least the key for encrypted swap is somewhat protected (you pretty much have to be root to get at it, assuming there aren't gaping bugs in the swap or encryption layer). There's a point at which paranoia has just got to stop, and one needs to say "secure enough", I guess.

        <radiant.matrix>
        Ramblings and references
        The Code that can be seen is not the true Code
        I haven't found a problem yet that can't be solved by a well-placed trebuchet