Re: Can Perl encryption scripts be run with ram wipe

Well, I'd just wait a couple of minutes before throwing my laptop into liquid nitrogen... there was a thread on that subject some time ago, so I just point to my answer instead of re-posting.

The "most secure" thing would be a crypto device which holds the private key and never ever gives it away, and which key has to be unlocked entering a passphrase (through some keying device attached to that crypto thingy). Still, you will have to be extremely careful not to be shock-frozen together with this device by some agency right after having entered your pin...

--shmem

_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}

Comment on Re: Can Perl encryption scripts be run with ram wipe

Replies are listed 'Best First'.
Re^2: Can Perl encryption scripts be run with ram wipe by zentara (Cardinal) on Feb 25, 2008 at 19:55 UTC
Thanks for the link to that node, of course it was exactly what I was thinking about doing.... a Tk or Gtk2 front-end to GnuPG. The idea I had, stealing from some javascript keyboard security code, was to make a mouse-driven virtual keyboard for entering the password, to avoid keystroke loggers. I did do some digging on ramdisks and tmpfs, and disposible swap.... and it seems that if a program is on a ramdisk, it will execute there, and can then be wiped. But many gotcha's start to creep in, like does the entire Perl executable, and it's modules, and finally the script itself, need to be on the ramdisk. Thanks to all who answered. By the way, I agree the idea of freezing a laptop to slow it's memory drainage is a bit James Bond-ish, but the idea of root, routinely dd'ing off /dev/mem and /dev/swap to search for password strings seems a pretty plausible form of insecurity. I'm not really a human, but I play one on earth. Cogito ergo sum a bum	[reply]

Replies are listed 'Best First'.

Re^2: Can Perl encryption scripts be run with ram wipe
by zentara (Cardinal) on Feb 25, 2008 at 19:55 UTC

I did do some digging on ramdisks and tmpfs, and disposible swap.... and it seems that if a program is on a ramdisk, it will execute there, and can then be wiped. But many gotcha's start to creep in, like does the entire Perl executable, and it's modules, and finally the script itself, need to be on the ramdisk.

Thanks to all who answered. By the way, I agree the idea of freezing a laptop to slow it's memory drainage is a bit James Bond-ish, but the idea of root, routinely dd'ing off /dev/mem and /dev/swap to search for password strings seems a pretty plausible form of insecurity.

I'm not really a human, but I play one on earth. Cogito ergo sum a bum

[reply]