Belkasoft wrote:
I'm not sure whether or not crypto containers such as TrueCrypt, BitLocker or PGP Disk protect their memory sets from dumping. This would seem logical, but I don't know if they do this already. And even if they don't protect their memory sets yet, I'm pretty sure someone will come up with this idea pretty soon. So if one is taking a memory dump hoping to extract the encryption keys, one better use a proper tool now rather than later.Sure <img src="images/smiles/icon_smile.gif" alt="Smile" title="Smile" /> , the general idea of my post was NOT in any way to suggest that your approach/article/etc. is in any way "wrong" or "overzealous", only that the OP reference to the experience that user OPA-KUP shared on the forum might not (yet) include the "worst case" scenario (or such scenario was not detected), and as such not a valid counter argument to your approach.
On the other hand, and as I see it, and again with no intent in any way to undermine the approach described, we miss some sound "field" data to fully evaluate the "practical" *need* to elevate it to a new "standard".
In other words:
Is the method you propose "better" or "safer"? Yes.
Is the *old* method "safe enough"? It depends.
I hope this clears the sense of my post.
jaclaz
↧