On Wednesday, 21 September 2016 at 18:05, Björn Persson wrote:
> Michael Catanzaro <mcatanzaro(a)gnome.org> wrote:
> > Oh, GNOME keyring still works mostly fine, it just fails to lock the
> > memory to prevent it from being paged to disk. It only really matters
> > if you're running some ultra-secure military/government stuff, but it's
> > not how it was designed to work.
> Although I can't find a source now, I seem to recall that GnuPG recently
> stopped using special memory-locking widgets for its passphrase entry
> dialog. One of the reasons mentioned was that mlock doesn't add much
> security because hibernation will write even locked memory to the disk.
When using SecureBoot, hibernation is disabled, so only suspend-to-RAM
might be a concern.
Regards,
Dominik
--
Fedora
http://fedoraproject.org/wiki/User:Rathann
RPMFusion
http://rpmfusion.org
"Faith manages."
-- Delenn to Lennier in Babylon 5:"Confessions and Lamentations"