Re: Turning off JIT Optimisation
On 5/15/2010 2:42 PM, markspace wrote:
rossum wrote:
IIRC even if you switch the computer off
if the attacker cen get its memory chips into a freezer quickly enough
the memory may be recoverable for up to 20 minutes.
This is utterly bogus. There's no way any temperature change short of
(perhaps) absolute zero is going to have any effect on the minuscule
charge stored inside a d-ram. No way, no how.
And I sincerely doubt that "stand-by" retains any information at all,
unless it swaps memory out to disc.
Except there has been research into this. Shut-off memory circuits
state decays slowly enough at room temperature, and even slower if
blasted by a cold substance (such as turning a can of "canned air" on
its head). I read about this in a few places, including Communications
of the ACM. I don't have the exact reference handy though.
Anyway, memory doesn't decay 100% in mere seconds. The chance of a
particular cell decaying is small enough that a "hacker" can physically
retrieve the memory, and easily obtain the information stored in it.
However, I would assume that simply setting the value to zero would be
good enough..
On the other hand, Java provides no way to guarantee that the contents
of an array are not swapped to disk, or loaded into a different page in
physically memory. There is nothing you can do from Java (short of JNI)
to secure that data.
--
Daniel Pitts' Tech Blog: <http://virtualinfinity.net/wordpress/>