[Passwordsafe-devel] secure memory question
From: Edward E. <ed...@ya...> - 2002-05-08 02:19:41
Jim,

I haven't seen any list traffic in quite a while. I take it this means development on PasswordSafe has stalled or at least tailed off. That's ok, I'm not trying to impugn anyone, just saying it's part of the reason I never posted my code for the secure allocator I mentioned a few months ago.

I've been working on getting my secure allocator published, which will not only make the code available to everyone but also the allocator will (hopefully) end up being more robust. While working on this task, I ran into a question I'm hoping you can help me with.

In our brief discussion of the SecString class and secure allocators, I seem to recall you mentioning that a secure memory wipe should do more than just zero out the memory block once. (I can't find the email now, the SourceForge archives don't seem to have it). E.g. if I have a key or password in some memory block, I should overwrite it multiple times with different bytes (0x00, 0xFF, 0xAA, 0x55, and such).

I am curious, what was the basis for this statement? After reading Peter Gutmann's excellent article "Secure deletion of data from magnetic and solid-state memory", that strategy seems to work well for magnetic media (hard disks), but apparently doesn't do much for solid-state memory (RAM) where the "imprint" left by data is a function of how much time the data was there. Did I miss something? Is there more recent work which indicates several quick overwrites of RAM really is beneficial?

Thanks for your help,
Edward Elliott
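The two wipe strategies the message compares (a single zeroing pass, and repeated overwrites with 0x00, 0xFF, 0xAA, 0x55), written out as an added example that is not part of the original message and not PasswordSafe's or the poster's allocator code. The names `secure_wipe`, `fill_pass` and `mismatches` are hypothetical, and the closing zero pass is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Byte patterns listed in the message, in the order given there. */
static const uint8_t WIPE_PATTERNS[] = { 0x00, 0xFF, 0xAA, 0x55 };
#define N_PATTERNS (sizeof WIPE_PATTERNS / sizeof WIPE_PATTERNS[0])

/* Writes go through a volatile-qualified pointer, a common way to keep
 * the compiler from discarding them as dead stores before a free(). */
static void fill_pass(void *buf, size_t len, uint8_t value)
{
    volatile uint8_t *p = (volatile uint8_t *)buf;
    for (size_t i = 0; i < len; i++)
        p[i] = value;
}

/* Read the block back and count bytes that do not hold `value`. */
static size_t mismatches(const void *buf, size_t len, uint8_t value)
{
    const volatile uint8_t *p = (const volatile uint8_t *)buf;
    size_t bad = 0;
    for (size_t i = 0; i < len; i++)
        bad += (p[i] != value);
    return bad;
}

/* secure_wipe (hypothetical name): multipass != 0 runs every pattern and
 * verifies each one; a final zero pass always runs (an assumption of this
 * example). Returns the number of passes written, or -1 on error. */
int secure_wipe(void *buf, size_t len, int multipass)
{
    int passes = 0;
    if (buf == NULL)
        return -1;
    for (size_t k = 0; multipass && k < N_PATTERNS; k++, passes++) {
        fill_pass(buf, len, WIPE_PATTERNS[k]);
        if (mismatches(buf, len, WIPE_PATTERNS[k]) != 0)
            return -1;
    }
    fill_pass(buf, len, 0x00);
    return mismatches(buf, len, 0x00) == 0 ? passes + 1 : -1;
}

int main(void)
{
    char secret[] = "constructed-sample-password";   /* constructed input */
    printf("passes: %d\n", secure_wipe(secret, sizeof secret, 1));
    return 0;
}
```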