1. The things we're really trying to protect - contact identities,
message contents, etc - can't be erased from memory because they're
encapsulated inside objects we don't control.
2. Long-term secrets can't be protected by erasing them from memory
because they're stored in the database and the database key has to be
held in memory whenever the app's running.
3. If the runtime uses a compacting garbage collector then we have no
way to ensure an object is erased from memory.
4. Trying to erase secrets from memory makes the code more complex.
Conclusion: Let's not try to protect secrets from an attacker who can
read arbitrary memory locations.
This adds complexity but will save a lot of bandwidth, as most of the
strings and byte arrays we want to send are less than 128 bytes.
The extra complexity isn't exposed outside of the serial component.
- add a UnixRemovableDriveMonitor.checkEnabled to pre-emptively check if it's loaded
- os.arch is always x86,x86_64 on windows, i386,amd64 on linux
- source: http://www.java-gaming.org/index.php/topic,14110
- we'll deal with freebsd support when we come to it, jnotify doesn't even do this atm
Note that this is only the generator part of Fortuna, not the
accumulator. The generator requires a seed, which is provided by a
platform-specific implementation of SeedProvider. On Linux the
implementation reads the seed from /dev/urandom.
The Request packet now contains a list of message IDs, rather than a
bitmap referring to the list of messages IDs in the Offer. This allows
the Request to be understood out of context, e.g. if the Offer and
Request are sent over separate connections or a connection is replayed.
To fix issue #3611966, KeyManagerImpl's handling of TransportAddedEvent
was made asynchronous. This made it possible for a thread to call
KeyManager.endpointAdded() before the KeyManager had asynchronously
handled the TransportAddedEvent from a previous call to
DatabaseComponent.addTransport().
The invitation and private messaging UIs are currently broken. Some key
rotation bugs were fixed; others may have been created (unit tests
needed). An encoding for private keys was added. Pseudonyms were moved
out of the messaging package and ratings were moved in.
The Tor plugin tests are consistently failing with the latest versions
of Silvertunnel and Spongy Castle; we may need to ship native Tor
binaries for Windows/Mac/Linux and use Orbot on Android.
