On Wed, Aug 07, 2002 at 08:04:50PM -0500, Kirk Strauser wrote:
| At 2002-08-07T23:35:22Z, Tom Cook <tom.cook@adelaide.edu.au> writes:
[Kirk wants to create 'vipgp' without using temp files]
Usually temp files are used. For example, the 'crontab -e' and
'visudo' commands use temp files. So does mutt, when composing a
message or when using an external pager to view it, or when feeding
the data through gpg to encrypt/decrypt/sign/verify it. It wouldn't
be hard to create a 'vipgp' shell script using temp files.
| > Why are temporary files not acceptable?
|
| That would involve writing the unencrypted data to a physical medium.
| Depending on the sensitivity of the data, that could mandate a rather dire
| wiping of that part of the drive afterward.
Memory is a physical medium as well (although it is more volatile).
Also be aware that if swap is enabled on the system, even stuff in
memory can be written to disk at some point without you intending it.
That will happen, particularly on small systems (like the 8MB 486 next
to me).
You have to decide how sensitive that data is, and whether or not you
entrust it to any computer. If not, then you should use pencil and
paper and encrypt it before a computer ever sees it (and convince the
receiver that they must hand-decrypt it as well) :-). Even then the
data touches physical medium. Better just encrypt it all in your
head :-).
Ok, so I got a bit extreme there, but I hope it makes my point --
everything is "insecure" by some definition, you just have to choose
how high you want the bar and how much effort you're willing to put
into it to have the bar higher.
-D
--
No harm befalls the righteous,
but the wicked have their fill of trouble.
Proverbs 12:21
http://dman.ddts.net/~dman/
Attachment:
pgp_Hl7JgXU4F.pgp
Description: PGP signature