>>>>> "Cees" == Cees De Groot <cdegroot at gmail.com> writes:

Cees> So, we can probably agree that both are needed - a keyring and a
Cees> scrubber. And diligence to mark stuff as sensitive, both by the
Cees> developer and by the user, is also needed. .

Well, we also have to make sure that no copy of unencrypted data is
kept live in an object, and that memory areas containing sensitive
data is really cleared even when objects are moved around as the
result of a GC. Otherwise, a binary dump of the image may be all you
need to retrieve otherwise private information.

  Sam
-- 
Samuel Tardieu -- sam at rfc1149.net -- http://www.rfc1149.net/sam