
Disk volumes that other programs may not.

These precautions also apply to whole disk encrypted drives.

Passphrase Erasure

When you enter a passphrase, PGP Desktop uses it only for a brief time, then erases it from memory. PGP Desktop also avoids making copies of the passphrase. The result is that your passphrase typically remains in memory for only a fraction of a second. Without this critically important feature, someone could search for your passphrase in your computer memory while you were away from the system. You would not know it, but they would then have full access to data protected by this passphrase.

Virtual Memory Protection

Your passphrase or other keys could be written to disk as part of the virtual memory system swapping memory to disk. PGP Desktop takes care that the passphrases and keys are never written to disk. This feature prevents a potential intruder from scanning the virtual memory file looking for passphrases.

Memory Static Ion Migration Protection

When you mount a PGP Virtual Disk volume, your passphrase is turned into a key. This key is used to encrypt and decrypt the data on your PGP Virtual Disk volume. While the passphrase is erased from memory immediately, the key (from which your passphrase cannot be derived) remains in memory while the disk is mounted.

This key is protected from virtual memory; however, if a certain section of memory stores the exact same data for extremely long periods of time without being turned off or reset, that memory tends to retain a static charge, which could be read by attackers. If your PGP Virtual Disk volume is mounted for long periods, over time, detectable traces of your key could be retained in memory. Devices exist that could recover the key. You won’t find such devices at your neighborhood electronics shop, but major governments are likely to have a few. PGP Desktop protects against this by keeping two copies of the key in RAM, one normal copy and one bit-inverted copy, and inverting both copies every few seconds.
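The C code below is an added example, not PGP Desktop's own code, showing the three protections described above together: erasing secrets after use, keeping the key out of swap, and holding a normal and a bit-inverted copy that are both flipped periodically. The `key_holder` type and the `holder_*` function names are hypothetical, and using POSIX `mlock()` to pin the pages is an assumption about one way to keep them out of virtual memory.

```c
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#define KEY_LEN 32

/* Hypothetical holder (not PGP Desktop's layout): two complementary copies. */
typedef struct {
    uint8_t a[KEY_LEN];  /* key XOR mask */
    uint8_t b[KEY_LEN];  /* always the bitwise complement of a */
    uint8_t mask;        /* 0x00: a holds the key, 0xFF: a holds ~key */
} key_holder;

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
static void secure_wipe(void *p, size_t n) {
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

/* Pin the holder in RAM (best effort), then store the key and its complement.
 * Returns mlock()'s result: 0 if the pages are locked, -1 if they are not. */
int holder_init(key_holder *h, const uint8_t *key) {
    int rc = mlock(h, sizeof *h);
    memcpy(h->a, key, KEY_LEN);
    for (size_t i = 0; i < KEY_LEN; i++) h->b[i] = (uint8_t)~key[i];
    h->mask = 0x00;
    return rc;
}

/* Run from a timer every few seconds: every bit cell changes state, so no
 * cell holds the same value for long, yet a and b stay complementary. */
void holder_flip(key_holder *h) {
    for (size_t i = 0; i < KEY_LEN; i++) {
        h->a[i] = (uint8_t)~h->a[i];
        h->b[i] = (uint8_t)~h->b[i];
    }
    h->mask ^= 0xFF;
}

/* Rebuild the key for one operation; -1 if the two copies no longer agree. */
int holder_get(const key_holder *h, uint8_t *out) {
    uint8_t bad = 0;
    for (size_t i = 0; i < KEY_LEN; i++) {
        bad |= (uint8_t)(h->a[i] ^ h->b[i] ^ 0xFF);
        out[i] = (uint8_t)(h->a[i] ^ h->mask);
    }
    if (bad) { secure_wipe(out, KEY_LEN); return -1; }
    return 0;
}

/* On unmount: erase both copies, then release the page lock. */
void holder_destroy(key_holder *h) { secure_wipe(h, sizeof *h); munlock(h, sizeof *h); }
```

The buffer filled by `holder_get()` is a third, unflipped copy of the key, so the caller should keep it in locked memory and wipe it as soon as the operation finishes.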

Other Security Considerations

In general, the ability to protect your data depends on the precautions you take, and no encryption program can protect you from sloppy security practices. For instance, if you leave your computer running with sensitive files open when you leave your desk, anyone can access that information or even obtain the key used to access the data.

Here are some tips for maintaining optimal security:

• Unmount PGP Virtual Disk volumes when you leave your computer. This way, the contents will be safely stored in the encrypted file associated with the volume until you are ready to access it again.

• Use a screen saver with a password so that it is more difficult for someone to access your computer or view your screen when you are away from your desk.

• Make sure that your PGP Virtual Disk volumes cannot be seen by other computers on the network. You may need to talk to your network management people to guarantee this. The files in a mounted PGP Virtual Disk volume can be accessed by anyone who can see them on the network.

PGP® Desktop for Mac OS X Using PGP Virtual Disks

• Never write down your passphrases. Pick something you can remember. If you have trouble remembering your passphrase, use something to jog your memory, such as a poster, a song, a poem, a joke, but do not write down your passphrases.

• If you use PGP Desktop at home and share your computer with other people, they will probably be able to see your PGP Virtual Disk volume files. As long as you unmount the PGP Virtual Disk volumes when you finish using them, no one else will be able to read their contents.

• If another user has physical access to your computer, that person can delete your PGP Virtual Disk files as well as any other files or volumes. If physical access is an issue, try either backing up your PGP Virtual Disk files or keeping them on an external device over which only you have physical control.

• Be aware that copies of your PGP Virtual Disk volume use the same underlying encryption key as the original. If you exchange a copy of your volume with another and both change your master passwords, both of you are still using the same key to encrypt the data. While it is not a trivial operation to recover the key, it is not impossible.

You can change the underlying key by re-encrypting the volume.

13

with PGP Portable

Use PGP Portable to distribute encrypted files to users who do not have PGP Desktop software. Use PGP Portable to transport files securely to other systems that do not or cannot have PGP software installed.

PGP Portable provides:

• Portability of secured documents

• Ease of distribution of secured documents

There are two types of users of PGP Portable: the user who creates the PGP Portable Disk containing secured data, and the user who does not have PGP software but needs to access that secured data. You might also be both types of users: creating a PGP Portable Disk that you can take and use on a computer at a customer's site, for example.

On a Mac OS X system, you can access encrypted data that is stored on a PGP Portable Disk.

In This Chapter
