Computer Security: Oh dear, oh dear.

I’ve just read this article in the on-line edition of the New Scientist.

Of course, the “technique” which allows the contents of main memory to be held on the hard disk is not exactly new. Indeed, BSD derived operating systems had that as the default until the last 90’s. That is pre-allocating memory pages in swap and doing a copy them to disk on modification to them so that they’re continuously up to date. This has the downside that processes take longer to start up (as you have to set up the memory both on disk and in main memory) but has the advantage of deterministic memory+swap allocation so that a processes can be guaranteed that the resource is there when they actually use it. It also allows processes to be “swapped out” by merely invalidating their memory pages and not writing to disk at all.

However, as this shown in this posting from Alec’s blog, there is a rather serious downside to this when it comes to security and cryptography on a working system, notably, the unencrypted data will be left on the hard disk and it could be difficult to scrub.

Of course, I’m sure that’s just what any forensic investigator would like.. but it’s also what any malicious attacker would like as well.

So, which would you like, personal/system security or poor security for everyone so that detectives can gain evidence against a small minority?

It’s your choice… oh, sorry, it’s not, it’s the Xxxxxx Government’s (where Xxxxxx is the country in which you live). Somehow I think we’re going to have unsecure computers RealSoonNow(tm).