Description
This article is from the PGP FAQ, by Jeff Licquia jalicqui@prairienet.org with numerous contributions by
others.
3.18. Can I use PGP under a "swapping" operating system like Windows or OS/2?
Yes. PGP for DOS runs OK in most "DOS windows" for these systems, and
PGP can be built natively for many of them as well.
The problem with using PGP on a system that swaps is that the system
will often swap PGP out to disk while it is processing your pass
phrase. If this happens at the right time, your pass phrase could end
up in cleartext in your swap file. How easy it is to swap "at the
right time" depends on the operating system; Windows reportedly swaps
the pass phrase to disk quite regularly, though it is also one of the
most inefficient systems. PGP does make every attempt to not keep the
pass phrase in memory by "wiping" memory used to hold the pass phrase
before freeing it, but this solution isn't perfect.
If you have reason to be concerned about this, you might consider
getting a swapfile wiping utility to securely erase any trace of the
pass phrase once you are done with the system. Several such utilities
exist for Windows and Linux at least.
Continue to:
Share and Enjoy
Bookmark this story so others can enjoy it:
Tags
security, PGP, Pretty Good Privacy, encryption, NSA, RSA, crack, glossary, signature, signing, verifying, keys, passphrase, hash, cryptography
