Re: RSA's SecurPC not-so-"Secur"

New Message Reply About this list Date view Thread view Subject view Author view

Mark Rosen (mrosen@peganet.com)
Sat, 9 May 1998 15:41:17 -0400


>It's possible that the fragment is from some paging activity?
>

    It depends on what version of Windows was being used to test the
product, and how many precautions the developers took against data leakage.
    Windows NT supports the VirtualLock and VirtualUnlock functions, which
prevent data from being swapped out to disk. Unfortunately, Windows 95
(don't know about Windows 98, but I doubt it) does not implement this
functionality. Of course, the RSA should also have overwritten any memory
that was used to store sensitive data several times with 0s, 1s, random
data, and its complement.

    Small plug: my product, Kremlin, *does* use the VirtualLock/Unlock
functions, and it includes a comprehensive set of features to plug up
Windows (wipe free disk space, wipe ram/swapfile, etc.).

- Mark Rosen
http://www.mach5.com/


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:17:19 ADT