From xemacs-m  Thu Aug 28 09:08:18 1997
Received: from wfdutilgw.ml.com (wfdutilf01.ml.com [206.3.74.31])
	by xemacs.org (8.8.5/8.8.5) with ESMTP id JAA07864
	for <xemacs-beta@xemacs.org>; Thu, 28 Aug 1997 09:08:17 -0500 (CDT)
Received: from ml1.ml.com ([199.201.57.130])
	by wfdutilgw.ml.com (8.8.5/8.8.5/MLgw-3.03) with ESMTP id KAA20693;
	Thu, 28 Aug 1997 10:09:11 -0400 (EDT)
Received: from commpost.ml.com (commpost.ml.com [146.125.4.24])
	by ml1.ml.com (8.8.5/8.8.5/MLml4-2.07) with SMTP id KAA15834;
	Thu, 28 Aug 1997 10:07:30 -0400 (EDT)
Received: from spssunp.spspme.ml.com (spssunp.spspme.ml.com [192.168.111.13]) by commpost.ml.com (8.6.12/8.6.12) with ESMTP id KAA26594; Thu, 28 Aug 1997 10:12:38 -0400
Received: by spssunp.spspme.ml.com (SMI-8.6/SMI-4.1)
	id KAA06732; Thu, 28 Aug 1997 10:07:24 -0400
To: XEmacs Beta List <xemacs-beta@xemacs.org>
Cc: jari.aalto@ntc.nokia.com
Subject: Re: PGP security threat alert
References: <199708280521.BAA23864@helene.tele.nokia.fi>
X-Face: y,o:AU/bfCrS+zS/W"^puB!rT!G7?U1Mvp1Hd{6h^>X4@Xp5,|g+rG>4gv/iy^&x9`k#s!]X~{]Js>@A4c}4Z"Ct7=#1nPS:?mrWH8c#>$)>/Wc5yuX_OFO1(4cZM{LvsKWVQSl~/i>!n[-B*i-alq[/m\bsdy;W4p(_ic;$BE.oG@eJf@sr#x#}FT<=H8Ozu%g;JpVz:v_~vt[>ef/MeNeo3~D^R]]*bB7{HB|E1$wfMzw
X-Y-Zippy: Yow!  Now we can become alcoholics!
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset=US-ASCII
From: Colin Rafferty <craffert@ml.com>
Date: 28 Aug 1997 10:07:24 -0400
In-Reply-To: Jari Aalto's message of "Thu, 28 Aug 1997 01:21:22 -0400"
Message-ID: <ocrd8mypfj7.fsf@ml.com>
Lines: 34
X-Mailer: Gnus v5.4.65/XEmacs 20.3(beta18) - "Bratislava"

Jari Aalto writes:

> | Wed 27.8.97  Bart Robinson <lomew@cs.utah.edu>
> |
> |         (let ((record-keystrokes nil) pw)

> That looks nice!
> I have a question; I store the passwords to hash array indexed by
> user name and when the timer process expiress the hash; it simply
> resets it to nil.

> Is this secure enough or should I map over the elements in the vector
> and set each user's password hash-key to nil; before setting the whole
> vector is set to nil?

It depends on what kind of security you want.  If you are worried that
someone with access to your session will get them, that person will just 
override your functions anyway.

If you are worried that someone can read your coredumps, then that
person can override your functions, too.

If you are worried that someone can read the swap file, ....

I think you see where I am going with this.  If someone can get to your
system, it is insecure, by very low-tech means.  Give me two minutes at
your terminal, and I could defadvise your functions to email me your
password.

Worrying about clearing the hash before setting it to nil is like
bolting shut the front door when the kitchen window is wide open.

-- 
Colin

