Question about mpz_clear

Niels Möller nisse@lysator.liu.se
28 Jun 2003 10:40:41 +0200


Kevin Ryde <user42@zip.com.au> writes:

> And obviously data values go through registers and the stack as
> function parameters and stuff.  I imagine if data is sensitive then a
> separate process or something will be the only practical way to keep
> it from prying eyes.

When this discussion comes up, I usually recommend that people look into
ways of encrypting data when it is swapped out to disc (there are many
attack models, but to me the one that seems most relevant is the case
of an attacker that gets raw access to hard disks (either by root
compromise or burglary) some days or months after you have used a
private key).

At run time, you simply have to trust that (i) root is not
compromised, and (ii) your own user is not compromised, and (iii) the
boundaries the kernel placed between different users' processes are
solid; if any of these assumptions is violated the attacker can read
the data while you're *using* it, and overwriting it shortly afterwards
doesn't help much.

Niels Provos wrote a paper about swap encryption a few years ago, at
http://www.openbsd.org/papers/swapencrypt.ps, and I think there's some
work being done in the *bsd communities, but not much elsewhere.

Regards,
/Niels