Vin McLellan (vin@shore.net)
Sat, 16 May 1998 13:30:09 -0400
William H. Geiger III <whgiii@invweb.net> asked:
>> Has anyone actually *confirmed* that this is a swapfile problem or some
>> other mechanism at work causing the passphrase going to disk?
Jing Lee <Jing@rsa.com> responded:
|> The one and only one instance of the newly changed password was found in
|> the disk sector allocated for swap file in my machine.
Jing is the RSA engineer who codes for SecurPC. Given his personal
and vocational interest, I suggest his evaluation of the scope of this
problem is well informed.
<geeman@best.com> suggested another worst-case senario:
>What's amusing about this is that not only is the passphrase or whatnot out
>there on the drive because of swapping, but, hmmmm... wonder what **DATA**
>is out there that you wish/thought/imagined you encrypted?
Data, I think you'll find, is covered, even on swap ;-] (Jing,
please feel free to correct me on details.) SecurPC uses RSA's Fastcrypt
library -- which was used for years for RSADSI's internal records, btw,
before someone thought to add a GUI and market it. There seems to be no
chance that the intermediate plain-text would get swapped out. First of
all, because the memory is being actively used (so it doesn't get swapped
out by Windows or other OS's during an encryption operation.) Secondly, as
SecurPC is implemented, the plain-text buffer is overwritten by the
encrypted data -- so if the memory gets swapped out after the encryption is
complete, Windows will only toss slices of the encrypted data to the hard
disk.
Suerte,
_Vin
-----
Vin McLellan + The Privacy Guild + <vin@shore.net>
53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
-- <@><@> --
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:17:25 ADT